DHCP and Cox Cable

Kevin Brown plug-discuss@lists.plug.phoenix.az.us
Sun, 27 Jan 2002 00:42:24 -0700


Because we are the minority and not the majority.  Most users online don't have
a clue about anything computers save "I click here and it takes me somewhere."

Basically in legalese, Cox is managing their bandwidth.  They are saving
themselves a headache by simply preventing outside (and possibly inside infected
systems) from infecting more of the systems on their network.  They have the
right to do it this way because it doesn't affect the majority of their user
base (which again, we are not in) who don't even know what IIS is or if it's
even installed and running on their system.

If they really wanted to be difficult they could shut down all incoming requests
to their network for ports < 1024 except to the @work users.  Now everyone is in
compliance with their usage policy as you agreed to when you signed up.

What really has amazed me is that Cox and other large-scale ISPs bought a huge
block of IP addresses when they might have saved themselves money and headaches
regarding these damn worms by using something like NAT and giving their
subscribers a 10.X.X.X address.  Then no one has port 80 exposed to the Net.

> Hmm, I think I have to disagree with that.  While cutting out excessive
> bandwidth usage by broken boxes run by idiots may be/have been convenient,
> is blocking a port at the ISP level really the right way to
> "fix" things?  I figure I pay an ISP to provide me an internet
> connection.  For that I expect them to route all IP packets to and fro
> whatever IP they give me.  When they make these decisions to stop doing
> that in little ways, here and there, then I don't have a true internet
> connection any longer.
> 
> The @home network, and now all the smaller cable networks, have always
> been annoying with their "no services" policy and their upstream bandwidth
> caps and with their "LAN with your neighbors" architecture and with their
> less reliable than dialup connections, etc. etc.  I remember when
> everybody used to block traffic from their silly scanning IP addresses and
> such at their firewalls.  Everybody was being stealthy and running their
> services for the rest of the world to see, but not the 24. class A
> space.  The thing about that always was that @home could have watched the
> ports traffic was being routed in to.  Move the ports around, and they can
> still set their IDS sensors to pick up on HTTP GET requests going inbound,
> SSH server banners going outbound, FTP server banners going outbound, etc.
> 
> If they still have such silly, arbitrary policies, and they have the spare
> time to follow up on things, they can still see what's going on.
> 
> Blocking port 80 to protect everybody though, as opposed to enforcing
> their nonsense policies, is still bad.  Why don't they start sniffing that
> same traffic and identify offenders on their own network?  I'm sure many
> people on this list could supply them long lists of affected IP addresses
> (maybe not from your cablemodem experiences any longer, but from work,
> school, your sister's friend's server, etc.).  Why don't they do something
> to clean up their own house, rather than hide the symptoms?
> 
> Basically, I'd rather have all the traffic.  To have my ISP decide what
> traffic is good for me and what isn't, just stinks IMHO.  The lunacy that
> ensues every month or two when yet another "m$ RAS feature" is introduced
> into the wild needs to be addressed, but not by the ISPs...at least not by
> simply blocking all traffic to certain ports.
> 
> Oh well, probably nobody cares, but I feel better for having whined a bit
> about it :)
> 
> Wes
> 
> > I would say that Cox did the right thing several months ago by blocking port
> > 80.  It stopped a S**tload of Code Red and Nimda infected systems from infecting
> > the whole of Cox's network.
> 