> ISPs will be the same.�� Try and restrict people and you'll just end up��playing whack-a-mole

I agree that trying to restrict creative people from having free access will result in whack-a-mole, but common sense is needed when considering the damage that can be done with basic reflection attacks.

Should you default block the deafult SNMP port to a residential user from the Internet? Can the CPE vendor be trusted to not leave a default "public" community with the Internet facing interface permitted? Can the user be trusted to secure their own network devices to prevent misuse?

��

Which of these things is the easiest to accomplish and provides no reduction in experience for 99.95% of "normal" residential Internet users? Which of them has the potential to melt down the Internet if a CPE vendor ships 500,000+ units of equipment and leaves a door open?

Macca

On Tue, Nov 4, 2014 at 1:40 PM, Dean Pemberton <nznog@deanpemberton.com> wrote:

On Wed, Nov 5, 2014 at 10:12 AM, David Robb <ender@paradise.gen.nz> wrote:

> Which is the last thing I think worth mentioning; that the internet will
> route around damage, whether we like it or not. We can filter things, we can
> try to block stuff, but unless you cut off the connectivity completely,
> devices and programs will still find ways to talk directly to each other.
>
>

Good point well made.�� It's something that IT departments are having
to live with and ISPs will be no different.
If you don't give employees the quality of�� email or file storage that
they have come to expect, they'll just install gmail and install
dropbox. and BYO-IT-Department is born.

ISPs will be the same.�� Try and restrict people and you'll just end up
playing whack-a-mole.

_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog