From: Christoph Puppe (puppe@hisolutions.com)
Date: Thu Jul 07 2005 - 05:05:51 EDT
Maarten Hartsuijker wrote:
> Hmmm, I hope your ISP is not setting a trend over here in NL. So far,
> fortunately, I have not noticed any portscan blocking at my ISP. Using
> a low-tech ISP appears to have its advantages as well ;-)
>
> Personally, I still don't know if I consider blocking based on port
> scans a good or a bad thing. For instance: what would happen if someone
> decides to spoof the IPs of a couple of subnet-neighbours while
> portscanning? Or the IPs of the DHCP/DNS servers (I hope these are
> whitelisted)?
A provider that does not even block IP spoofing shouldn't venture into this
kind of protective measure, sure thing.
Unsuspecting users get hacked in the thousands each day; my opinion is that
a provider should acknowledge this and take measures. The provider can do a
lot to protect its own customers and the internet as a whole:
- prevent IP-Spoofing
- block Broadcasts
- filter TCP (in and out) ports 7,13,19,25,135,139,445
- have an smtp-relay for its customers, with rate limits
- react fast to new threats, e.g. when a new worm is out -> filter the port
If you really want to do your customers a favor, you ask them for consent to
being protected by an IPS or offer this at a premium. Same goes for
malware protection with email-relays and proxies.
Or kid-safe internet access, but that's a complicated topic for other lists ;)
--
Kind regards
Christoph Puppe
Security Consultant
We secure your business.(TM)
_______________________________________________________
HiSolutions AG        Phone: +49 30 533289-0
Bouchéstrasse 12      Fax: +49 30 533289-99
D-12435 Berlin        Internet: http://www.hisolutions.com
_______________________________________________________
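
The filtering measures listed in the message above, sketched as a per-packet policy check on one customer access port. This is an added example, not part of the original post; the function name, the relay address and the sample prefixes are assumptions, and the SMTP rate limit is not modelled.

```python
import ipaddress

# Ports from the post's list, filtered for TCP in both directions.
BLOCKED_TCP_PORTS = {7, 13, 19, 25, 135, 139, 445}
# Assumption: the provider's own SMTP relay (constructed documentation address).
SMTP_RELAY = ipaddress.ip_address("192.0.2.25")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def check_packet(customer_net, direction, src, dst, proto, dport):
    """Return (verdict, reason) for one packet on a customer access port.

    direction is "out" (sent by the customer) or "in" (sent to the customer).
    """
    net = ipaddress.ip_network(customer_net)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)

    # 1. Anti-spoofing: traffic leaving the customer must carry a source from
    #    the customer's own prefix; traffic arriving must not claim it.
    #    With this in place a customer cannot portscan "as" a subnet
    #    neighbour and get the neighbour blocked.
    if (direction == "out") != (src in net):
        return "drop", "spoofed source"

    # 2. Broadcasts: limited broadcast, or the directed broadcast of the
    #    customer prefix (only meaningful for prefixes shorter than /31).
    if dst == LIMITED_BROADCAST or (net.prefixlen < 31 and dst == net.broadcast_address):
        return "drop", "broadcast"

    # 3. TCP port filter, in and out, with the provider relay as the one
    #    permitted path for outbound SMTP.
    if proto == "tcp" and dport in BLOCKED_TCP_PORTS:
        if dport == 25 and direction == "out" and dst == SMTP_RELAY:
            return "allow", "smtp via provider relay"
        return "drop", "filtered port"

    return "allow", "ok"


if __name__ == "__main__":
    NET = "198.51.100.8/29"  # constructed customer prefix
    samples = [  # constructed packets
        ("out", "198.51.100.17", "203.0.113.5", "tcp", 80),   # neighbour's IP as source
        ("out", "198.51.100.10", "203.0.113.5", "tcp", 445),
        ("out", "198.51.100.10", "192.0.2.25", "tcp", 25),
        ("in", "203.0.113.5", "198.51.100.15", "udp", 137),
    ]
    for pkt in samples:
        print(pkt, "->", check_packet(NET, *pkt))
```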