Open Source and information security mailing list archives
 
Message-ID: <1044476474.798.20.camel@bobby>
From: nicob at nicob.net (Nicob)
Subject: SQL Slammer - lessons learned

On Wed, 2003-02-05 at 16:38, Paul Schmehl wrote:

> Can you think of a legitimate reason why ISPs should allow ports
> 135-139/TCP/UDP to be open to the Internet?  How about port 445/UDP? 

IMO, it's not up to the ISP to choose which ports and services I should use.
I pay it (sort of) for a pipe running from my home-computer to the wild
Internet and *that's all*.

I don't want some "services" like transparent proxies, AV scanning at
the mail relay or port filtering. I just want a pipe ...

> What about the ISPs whose policy it is to not allow
> customers to run servers?

That's another problem.

If I ask for a pipe, I want a pipe.
If I ask for a discount ADSL access with a limited amount of traffic and no
allowed hosting (HTTP, FTP, SMTP, SSH, ...), the ISP can restrict the
inbound ports.

If the next big vuln/worm is an SSH one, would you agree with an ISP
blocking inbound TCP/22 and forbidding users to connect to their
home-LAN to check mails, get some files, start the coffee-maker or manage
downloads?


Nicob




