North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISPs' willingness to take action

  • From: Sean Donelan
  • Date: Mon Oct 27 11:39:37 2003

On Mon, 27 Oct 2003 [email protected] wrote:
> I said "low hanging fruit".  I didn't say "top-to-bottom security
> analysis".

If I fixed every computer on the Internet today, tomorrow Microsoft would
sell 17,000 new insecure installs of Windows.

Low-hanging fruit would be to get Microsoft to change its defaults.  Then
instead tomorrow, there would be 17,000 new "secure" installs of Windows.

> Does NOBODY remember that thread?

I remember it well.  I also remember ISPs removing the filters after a few
hours/days due to customer complaints because the applications they
wanted to use across the Internet stopped working.

Why shouldn't people be able to use NETBIOS, or Telnet or FTP or any other
insecure protocol across the Internet?  The security problems aren't due
to the packets crossing the Internet.  The security problems happen when
the packets reach an insecure end-host.

It is possible to use NETBIOS securely across the Internet withOUT a VPN.
I wouldn't recommend it, but I don't understand why ISPs should prohibit
the use of any particular 16-bit port number in a TCP/UDP header.

> And if all ISPs were doing all these thing (as you try to imply) we'd all
> be a lot better off, wouldn't we?

And are you implying ISPs aren't doing anything?

> So, am I advocating bad measures?

Naive measures.