[sdnog] Understanding the Origins of Anomalous Open DNS Resolvers

Nishal Goburdhan nishal at controlfreak.co.za
Sun Mar 8 13:32:55 SAST 2015


On 07 Mar 2015, at 14:02, Asim Awadalla <asim.awadalla at gmail.com> wrote:

> For your question regarding the open ports, generally the ISPs do not block any port at the end user terminal, but rather block it from PGW if it is of any risk, some of the ports, due to the changing technology, might be needed in certain applications or services whereby the ISP cannot go individually and for all users to change their settings in order to enable the port.

actually, i would *hope* that the ISPs do not block any ports.  i know that some ISPs now block tcp 25 to help deal with spam, but that's usually the exception at this stage.  i think you want to be very careful when you start doing this (ie. asking your ISP to be your firewall).
a temporary block (as in the case of a DDoS, when you ask for it) is ok.  but a permanent firewall...unless you're paying for it, i would do it (as an ISP), and as a user, i *want* the ability to run my ssh daemon on tcp 25 if i really wanted to  :-)


> Hope this will clear out the conspiracy theory of the ISPs :-)

ah,  i think he meant back-doors from router vendors and the sort.  not the ISPs   :-)

--n. 

