Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Notifying user of open Internet access

Reply
Thread Tools

Notifying user of open Internet access

 
 
Leythos
Guest
Posts: n/a
 
      12-15-2004
In article <(E-Mail Removed)>,
http://www.velocityreviews.com/forums/(E-Mail Removed) says...
> > All I would ask is that when the cable/dsl installer
> > provides the box to the user, that it be setup doing NAT, even if it's
> > 1:1 NAT with no inbound ports mapped, which requires no additional
> > hardware at the ISP's NOC.

>
> Now THAT sounds quite different, and I actually heartily agree with
> that


That was all I was talking about to begin with - I never wanted the
ISP's to purchase anything new, just use the features of appliances they
already have, if the appliance already provided it.

> Won't really change that much, though, because outside of the US far
> fewer people use routers, but at least it would help get rid of the
> RoadRunner- users. Still, in the long run it's better if OSes would
> come with sensible defaults and would make it harder for the user to
> shoot himself in the foot - we're already seeing the first steps in
> that direction, and hopefully things will get better in the future.


There is more to cable than just RR, in LA for instance, Adelphia offers
Cable Modem service, and it was NAT'd on at least 6 installs we did.
There were some installs of it that gave public IP's, but they blocked
inbound to common ports (80, 25, 135~139,445) so that people could not
run common server services off of it.

I've also had many PPOE setups that were DSL with the modem providing
NAT.

> But I hope you'll agree that NAT for dialin-users would be way over the
> top, too ))


NAT, if done at the ISP's NOC, is a total pain for them, but, if people
were to use the LAN Modem devices, which are very cheap, then it would
be very reasonable. For dial-up, I could see blocking all inbound and
outbound 135~139,445, since it would be completely unreasonable to
attempt file sharing of any type over dial-up any more.

--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
 
 
 
Juergen Nieveler
Guest
Posts: n/a
 
      12-15-2004
Leythos <(E-Mail Removed)> wrote:

>> Now THAT sounds quite different, and I actually heartily agree with
>> that

>
> That was all I was talking about to begin with - I never wanted the
> ISP's to purchase anything new, just use the features of appliances
> they already have, if the appliance already provided it.


I was fooled by you talking about "everybody"

> NAT, if done at the ISP's NOC, is a total pain for them


Indeed, that's why I was so shocked that you were advocating it...

> people were to use the LAN Modem devices, which are very cheap, then
> it would be very reasonable. For dial-up, I could see blocking all
> inbound and outbound 135~139,445, since it would be completely
> unreasonable to attempt file sharing of any type over dial-up any
> more.


Port blocking can't be done, I'm afraid - not as bad as NAT, but the
ISP still would have to have ACLs on either their backbone or their
dialup- switches. That would be a lot of load, just to protect people
too stupid to protect themselves. To the ISPs that won't sound
attractive - they'll prefer to sell "security packages" to their
customers or to shut them down when abuse notices come in (and THEN
sell them the "security package").

Some ISDN-Cards (AVM Fritz) come with a dialer application that has NAT
built-in, but I don't think there is really all that much that could be
done to stop dialup-users.

But cheer up - sooner or later even the last home user will realize
that his WinME isn't really all that great anymore

Juergen Nieveler
--
Are we having any fun yet?
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Notifying a user on demand Nick ASP .Net 2 07-09-2008 03:32 AM
Notifying user of running process? (Pete Cresswell) HTML 5 10-24-2004 12:42 AM
Re: Notifying clients in asp.net Eliyahu Goldin ASP .Net 0 08-04-2004 01:50 PM
MSCE 2000 And notifying microsfot. Jonathan Lackey MCSE 14 02-28-2004 11:18 AM
Prometric closed my test center without notifying me Tommy MCSE 0 10-22-2003 02:18 AM



Advertisments