How to secure the Internet in three easy steps

Sean Donelan sean at donelan.com
Fri Oct 25 21:36:27 UTC 2002


On Fri, 25 Oct 2002, Paul Vixie wrote:
> > Not only that, but unless _everyone_ implements 2 and/or 3, all the bad
> > people that exploit the things these are meant to protect will migrate to
> > the networks that lack these measures, mitigating the benefits.
>
> not just the bad people.  all the people.  a network with 2 or 3 in place
> is useless.  there is no way to make 2 or 3 happen.

AOL?  I believe they proxy almost all their subscribers through several
large datacenters, and don't allow users to run their own servers.

@Home prohibited customer servers on their network, blocked several
ports, and proxied several services.

Its common for ISPs outside of the US to force their customers to
use the ISP's web proxy server, even hijacking connections which attempt
to bypass it.

As part of their anti-spam efforts, several providers block SMTP port 25,
and force their subscribers to only use that provider's SMTP relay/proxy
to send mail.  Why not extend those same restrictions to other (all)
protocols?

Many corporate networks already proxy all their user's traffic, and
prohibit direct connections through the corporate firewalls.

I think its a bad idea, but techincally I have a hard time saying its
technically impossible.




More information about the NANOG mailing list