Date: Tue, 28 Sep 1999 23:32:43 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: ben@scientia.demon.co.uk (Ben Smithurst)
Cc: freebsd@gndrsh.dnsmgr.net, chat@FreeBSD.ORG
Subject: Re: Filtering port 25 (was Re: On hub.freebsd.org refusing to talk to dialups)
Message-ID: <199909282332.QAA13935@usr07.primenet.com>
In-Reply-To: <19990925222536.A1470@lithium.scientia.demon.co.uk> from "Ben Smithurst" at Sep 25, 99 10:25:37 pm
> > It is however based upon reality in the world of using web caches
> > (which I don't see anyone objecting to) at ISP's to increase web
> > access speed.
>
> I have no objection to web caches, no. I *do* have an objection to
> having all traffic out of my machine *forced* to go through the ISP's
> web cache. If I want to use it, I know how to configure my software to
> use it (and I do use it), I don't need the ISP doing that for me.

FWIW, most ISPs buy POPs (Points of Presence) from a big provider, and do not control the IP address assignment (even for static IP addresses) nor do they control the account name assignments, which must a priori not conflict with existing RADIUS records from the middle tier provider.

What this effectively means is that, unless you are a Mom-and-Pop ISP, and are a very small time player in the ISP game, you will not control your points of presence, and will therefore be unable to filter packets in or out of your customer's machine, unless they choose to let you do this by pointing their machines at your servers.

Other than RADIUS accounting records on connect and disconnect, which any intelligent ISP would be using to do DNSUPDATE, converting the dynamic IPs into session-static IPs, and adjusting reverse records so that "everything just works", including ETRN to dialup servers, you really don't get notification of your customer's IP traffic, unless it is directed to, or through, one of your machines.

The thing that's really moronic is that the filtering is based on IP address, not domain name. It's relatively cheap to burn an IP address in a SPAM, especially if it does not belong to you, whereas burning a domain name will cost you $70 a pop and tend to piss off ARIN and other powers-that-be to the point where you won't get new ones.

Domain-name/certificate pairs are the technically correct (and more expensive for the SPAM'mer, in the long run) solution.

What are you going to do when IPv6 gets widely deployed? Put the entirety of the stateless autoconfiguration space into the DUL so that people with Linux laptops can't hit-and-run SPAM at airport terminals computer lounges and "cyber" Cafes?

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present or previous employers.