no need to do a TOFU, you know?
which means?
Guess what, @work we have a few dialup lines, normal users of
these have only a very few "standard" ports open towards the
internal network.
it's a different story whether we talk about work or isp.
Your normal internet-surfing 0815 guy will not need much more
than DNS, FTP, HTTP, and SMTP via the ISP mailserver - maybe
some high ports for stuff like chat, p2p, streaming media.
That's exactly the kind of use I'm talking about.
right. but because of those joe users, others should have everything blocked
as well?
wow kewl...
People that actually use other stuff - say, SSH - are rather
rare.
think so?
Those relatively clued users could for instance be
accommodated by a filter adaptable through some webinterface.
i don't think so.
i rather think that IF they start blocking everything, they will do so and
nothing else.
so no webinterface, and no exceptions.
it would be a great idea if they would block everything and then give you
access to a webinterface and let you do what you want (open everything, some,
none). but i doubt something like that would happen....
I know this is problematic for an ISP. For companies, this
is standard policy.
it's normal for companies... i totally agree. but that's different from an
isp.
i mean, you use a service and you are supposed to know their terms and
policy. and you are supposed to know what possible danger you are
exposing yourself to if you get connected.
now you should manage yourself to protect yourself or use software
supplied by your provider for that purpose.
That's the current status, indeed. Fact is, it doesn't work out
very well. "firewall logs"!
so what?
it's not that hard to install that stupid little free firewall which does a
pretty good job.
there are many free firewalls out there.
sygate, zonealarm, to only count 2 of the best (i talk about windoze...).
disabling port 25 is a bad thing.
It's not "disabled". With the discussed blocking of outbound
SMTP traffic except for the ISP mailserver, email still works.
so IT IS BLOCKED!
i don't want to access my isp mail. i want to access other servers on the
inet.
so that way, 25 _WOULD BE_ blocked for me.
or am i wrong?
For the larger organizations I know of (granted, that's more
of a company setting, not ISP), everyone denies outbound SMTP
traffic except from the company mailserver.
company != isp
you know,
there are many ports right?
Sure. But those pesky mailservers usually listen on port 25 only.
right.
imagine setting up a spam relay which listens on port 3132.
what you do now with blocking 25?
oops.
--
regards,
Georges Toth