Help

Longar, Dennis dlongar at IBSYS.COM
Fri Mar 2 10:37:28 EST 2001


> -----Original Message-----
> From: bandit at zcore.net [mailto:bandit at zcore.net]
> Sent: Friday, March 02, 2001 8:35 AM
> To: Longar, Dennis; VPN at SECURITYFOCUS.COM
> Subject: Re: Re: Help
>
>
> Bah....they have been blocking ports ever since the 2 way cablemodems
> hit the street. Initially, they left things wide open and that actually
> cost them more in support calls because idiots were running FILE AND
> PRINTER sharing and allowing people to connect to them via netbios over
> their cablemodem.
>
> So first they started blocking some ports which hackers were abusing.
> (I remember one occasion where a local church had their laser printer
> shared and they found it printing reams of PORN...)

Blocking ports for the protection of the average customer is probably
somewhat OK.  If the ISP gets threatened with a lawsuit or something...

Is it possible to read the manual and be able to reset the
boot files yourself?  Or do they lock you out of that?  I
guess I would try and research the hardware and see if there
is any change you can make to how it boots to open it up to
all ports.

> The boot files which are loaded now contain quite a few access lists
> for port filtering depending on which bootfile you get. Most customers
> are completely oblivious to this fact.

When you're creating a service for the masses you have to take some
precautions also, I guess maybe QWEST was more liberal, we would,
and did help many customers get VPNs working.  The more customers
you get, what you find is the higher your oversubscription ratio
gets.  Overall business customers % is relatively low.

> RoadRunner service as many other providers is not managed in a global
> fashion when it comes to network operations. Because they are often
> piecemeal acquisitions of other cable providers, they tend to have
> regional differences in how they operate their broadband networks.

Yes, they are Franchises versus regulated entities!

> I have heard that in some markets, @Home is in fact filtering VPN
> access and pushing customers towards @Work accounts.

That is lame, and I would encourage people to let them know,
and if telling them doesn't help, talk with your money and
dump their service.

I suppose you also have to be interested in pricing.  If it was
$1-$2 more per month to be able to do VPN... I guess I might be
more apt to buy a business grade service.  If the price is double
or 50% more, I would question it.

I go to work almost every day, but on those few days and
evenings when I need to work from home, I need to work from
home! and I would not put up with paying a business rate for
how little I do it.

Part of me would like to say everything should be wide open,
and responsibility should be the subscriber's problem.

I have very little sympathy for a church that didn't know what
they were getting with cable modem. Our church set up a voluntary
technology committee that made recommendations on how to prevent
things like the above.  If they can afford the computer and the
internet (or if it was donated) they can get together a voluntary
committee to make sure they're protected.

Caveat Emptor!

When those kinds of things hit the press and fall back to the
provider/ISP, they do whatever they can to protect themselves
from it happening again...  I guess...

I guess the other old saying, "The masses are asses" comes in
here too.

Thanks!  I'm done whining now!  Good luck!!

For a solution I would suggest you find out about your hardware
and see if you can modify it yourself.

-Dennis

> ----- Original Message -----
> From: "Longar, Dennis" <dlongar at IBSYS.COM>
> To: <VPN at SECURITYFOCUS.COM>
> Sent: Thursday, March 01, 2001 6:03 PM
> Subject: Re: Help
>
>
> > I agree with you Joseph.  I don't know of any ISPs
> > that block ports.
> >
> > The bottom line is it costs more to do things like block
> > ports.  If nothing else it costs them in support with calls
> > into the tech support line, to say, "why are you blocking my
> > ports".
> >
> > Of course I don't know how all ISPs implement their service,
> > but I do know I have Road Runner service and VPN works fine
> > for me.
> >
> > Worked at USWEST/now QWEST, was involved in engineering
> > and planning for DSL rollout.  We wouldn't even consider
> > blocking ports, the technology (PAT / NAT) did enough
> > blocking for us... 8-)
> >
> > We had a lot of calls with people saying we were blocking
> > ports, but there was/is no blocking.  There were issues with
> > the GRE protocol type going through the router, and PAT
> > caused problems early on, but it wasn't intentional blocking
> > by the ISP.  It was implementation issues with the network
> > device vendor.
> >
> > Business level service means if you have a problem PAT'ing
> > or NAT'ing, we'll help you figure it out, 'cause you're paying
> > extra.  If you're just a general home user, you are
> > pretty much on your own.
> >
> > It's possible that hardware vendors may add features to their
> > products to make it easier for the broadband provider to block
> > ports, but I really agree with Joseph, it will affect the provider's
> > revenue stream more than it's worth.  If they don't see that
> > now, they will.
> >
> > If my VPN stops working because RoadRunner starts blocking ports,
> > I will dump them immediately and with extreme prejudice. 8-)  but
> > I still refuse to believe they would block ports.
> >
> > Thanks!
> >
> > -Dennis
> >
> > > -----Original Message-----
> > > From: Joseph S D Yao [mailto:jsdy at COSPO.OSIS.GOV]
> > > Sent: Thursday, March 01, 2001 4:01 PM
> > > To: VPN at SECURITYFOCUS.COM
> > > Subject: Re: Help
> > >
> > >
> > > On Thu, Mar 01, 2001 at 02:45:08PM -0500, Carl E. Mankinen wrote:
> > > > Home accounts are for "personal" use. Not for always-on VPN
> > > > "business" use.
> > >
> > > That may be, although I have yet to see this specified in an ISP's
> > > agreement.  ISTM this is being tacked on.  Contracts being changed
> > > unilaterally leads to a lack of trust and ultimately a loss
> > > of revenue.
> > >
> > > > If businesses wish to have employees telecommute, they must
> > > > get business accounts to do it.
> > >
> > > Also fine.
> > >
> > > What about my buddies and I who just want to have a nice little chat
> > > about our hobbies without the possibility of anyone listening in?  This
> > > was probably a wider use of FreeSWAN than any business use, at first.
> > >
> > > --
> > > Joe Yao jsdy at cospo.osis.gov -
> > > Joseph S. D. Yao
> > > COSPO/OSIS Computer Support EMT-B
> > > -----------------------------------------------------------------------
> > > This message is not an official statement of COSPO policies.
> > >
> > > VPN is sponsored by SecurityFocus.COM
> > >