DMZ with SME server.
Michael Butash
michael at butash.net
Sun May 24 22:26:57 MST 2009
Nah, I worked for @home and cox before they implemented those filters,
and they proved absolutely essential to keep grandmas from spewing
uncontrolled spam/virii, people from perusing each others hoard of pr0n
via network neighborhood (calling us to complain none the less), and
various other good reasons I could tell support stories for days about.
Filters like these are quite necessary for a relatively computer
ignorant society as a whole. Everyone else just gets swept into the
lowest common denominator of the masses.
I'm a proponent for letting willful candidates participate in the
compsci Darwin awards, but when windoze boxen exploits can be had for
less than the cost of a good steak (or simply for entertainment factor),
and their trusted OS vendor unable to properly secure it for them, it
keeps cox out of the hot seat as a service provider. When infecting
hosts by the millions became a business, anything else is a liability
for carriers. In this day and age, even simple port filtering isn't
enough, but it's mostly all they can do without being invasive to you or
me inadvertently. Simply put, you can't trust the masses, or Microsoft,
to secure their own computers. Thanks Microsoft.
It is annoying I can't host my own webserver, but probably better to
keep myself from horrifying people with my lack of color sense.
Cheaper/easier to host somewhere, and typically better uptime as well.
I hate this too, but anything else obscure I might want to play with, is
going to be open anyways. IPsec vpn and ddns works great for me,
nullifies the whole open port thing.
-mb
On Sun, 2009-05-24 at 14:59 -0700, Ryan Rix wrote:
> On Sun, May 24, 2009 at 2:56 PM, Ryan Rix <phrkonaleash at gmail.com> wrote:
> > http://support1.cox.com/sdccommon/asp/contentredirect.asp?sprt_cid=643ad749-1a58-4824-9d1c-8cd5579e132a
>
> "Microsoft SQL Server is a database application with a long history of
> security exploits, and is noted for the propagation of the SQLslammer
> worm. These ports are filtered to prevent exploitation and propagation
> of such MS-SQL exploits."
> The rest of that article and its rationales is somewhat FUD. A
> bandwidth cap or so would be more affective at curbing such virii and
> upstream usage than a simple network block. It's all about charging
> users every last cent (for static IP, unclocked ports, business
> contracts, etc)
>
> On an off note, I didn't know that they blocked port 25 EXCEPT for cox
> servers. What a load of sh*t. Sounds like we're all staying at some
> third rate hotel.
>
> Ryan
>
More information about the PLUG-discuss
mailing list