jbates at brightok.net
Fri Feb 4 19:26:22 CST 2011
On 2/4/2011 6:27 PM, Owen DeLong wrote:
>> Hell, even without CPE doing it, many residential ISPs (regardless of NAT) block inbound traffic to consumers.
> Really? And they have subscribers? Surprising.
Mark Andrews wrote:
> I run machines all the time that don't have firewall to protect
> them from the big wide world out there. I suspect we all do. Your
> not behind a external firewall when you are at NANOG or IETF.
> Everyone doesn't suddenly get "owned" because there isn't a external
> firewall. Modern OS's default to secure.
Yes, and some of you thanked us for blocking RPC in the ISP or in the
cable modems. Many such blocks are still in place in many ISPs as there
was no reason to ever remove them. TCP/25 outbound is often blocked in
many locations as well. Just because you don't notice the firewall,
doesn't mean it doesn't exist. We stay in business when you don't notice. :)
More information about the NANOG