----- Original Message -----
From: "Wes Bateman" <wes@manisec.com>
To: <plug-discuss@lists.plug.phoenix.az.us>
Sent: Sunday, January 27, 2002 12:16 AM
Subject: Re: DHCP and Cox Cable
> Hmm, I think I have to disagree with that. While cutting out excessive
> bandwidth usage by broken boxes run by idiots may be/have been convenient,
> is blocking a port at the ISP level really the right way to
> "fix" things? I figure I pay an ISP to provide me an internet
> connection. For that I expect them to route all IP packets to and fro
> whatever IP they give me. When they make these decisions to stop doing
> that in little ways, here and there, then I don't have a true internet
> connection any longer.
>
> The @home network, and now all the smaller cable networks, have always
> been annoying with their "no services" policy and their upstream bandwidth
> caps and with their "LAN with your neighbors" architecture and with their
> less reliable than dialup connections, etc. etc. I remember when
> everybody used to block traffic from their silly scanning IP addresses and
> such at their firewalls.
> Everybody was being stealthy and running their
> services for the rest of the world to see, but not the 24. class A
> space. The thing about that always was that @home could have watched the
> ports traffic was being routed in to. Move the ports around, and they can
> still set their IDS sensors to pick up on HTTP GET requests going inbound,
> SSH server banners going outbound, FTP server banners going outbound, etc.
>
> If they still have such silly, arbitrary policies, and they have the spare
> time to follow up on things, they can still see what's going on.
>
> Blocking port 80 to protect everybody though, as opposed to enforcing
> their nonsense policies, is still bad. Why don't they start sniffing that
> same traffic and identify offenders on their own network? I'm sure many
> people on this list could supply them long lists of affected IP addresses
> (maybe not from your cablemodem experiences any longer, but from work,
> school, your sister's friend's server, etc.). Why don't they do something
> to clean up their own house, rather than hide the symptoms?
Judging from the actual literacy of people @ cox cable on computing I think
most of the above is out of their league, so to speak ..
Like most cheap and cheerful ISPs they have, and yes I'm sorry to say it,
hired monkeys who do not understand simple concepts of SSH, HTTP and other
distinctive TCP services.
So actually being able to identify would-be offenders is a no-no ..
>
> Basically, I'd rather have all the traffic. To have my ISP decide what
> traffic is good for me and what isn't, just stinks IMHO. The lunacy that
> ensues every month or two when yet another "m$ RAS feature" is introduced
> into the wild needs to be addressed, but not by the ISPs...at least not by
> simply blocking all traffic to certain ports.
>
> Oh well, probably nobody cares, but I feel better for having whined a bit
> about it :)
>
> Wes
>
> > I would say that Cox did the right thing several months ago by blocking port
> > 80. It stopped a S**tload of code red and nimda infected systems from infecting
> > the whole of cox's network.
>
Yeah, but only the people running M$. Linux/*Nix is not troubled ..
Since you're on this list I would hope you run Linux (if not, then what are you
doing here)
Nige