yeah, its a bar. On Wed, Apr 27, 2016 at 10:32 PM, Ken Hohhof <af...@kwisp.com> wrote:
> Did the OP state the customer was a bar? I missed that. > > > *From:* Eric Kuhnke <eric.kuh...@gmail.com> > *Sent:* Wednesday, April 27, 2016 10:19 PM > *To:* af@afmug.com > *Subject:* Re: [AFMUG] abuse reports on customer IPs > > It'll break basic functionality. At least in the Pacific Northwest I > haven't run into an open coffee shop wifi (Blenz, McDonalds, Starbucks, > Waves Coffee, and a dozen other competitors) that operates a default-deny > filter as you describe. In fact it's even possible to torrent through 95% > of them without connecting to my VPN. > > Even the fast food burger restaurants don't seem to have particularly > restrictive firewalls in place on their free wifi (Jack in the Box, Burger > King). > > If the bar owner referenced in the original wants to try to do that, with > their own firewall, they can certainly try... But it's not the ISP's > responsibility to configure the user's in-premises wifi/"last 20 meters" > connection to client devices. Define a hard demarc point at "This is the > 100BaseTX port to the WAN of your router, here is your ca5e cable, please > let us know if you see any packet loss or downtime". > > Unless you have some sort of managed services division that charges extra > and deals with the hassle of maintaining the end user's firewall/wifi. > > > > > On Wed, Apr 27, 2016 at 8:10 PM, Ken Hohhof <af...@kwisp.com> wrote: > >> If this is an open WiFi hotspot, why can’t you allow basic web browsing, >> POP/IMAP, and SMTP port 587 but not 25, and block everything else? >> >> I often find that at hotpots I can’t use telnet, SSH, Winbox, etc. >> Probably can’t connect to destination port 25 either. Heck, most regular >> ISPs block destination port 25. >> >> Open Internet should not apply to a coffee shop hotspot, I don’t think >> you are required to transport anything and everything in that situation. >> >> >> *From:* Eric Kuhnke <eric.kuh...@gmail.com> >> *Sent:* Wednesday, April 27, 2016 8:58 PM >> *To:* af@afmug.com >> *Subject:* Re: [AFMUG] abuse reports on customer IPs >> >> If it is a customer that operates a open public wifi AP like a coffee >> shop, bar, restaurant, there is not a lot that you can do. Customer won't >> stop running open wifi, people won't stop bringing in infected laptops. No >> way to find out who has the infected laptops/devices. >> >> One possible solution if sufficient ARIN IP space is available is to put >> all such customers in their own special swamp netblock as static >> assignments. Consider that block forever sullied. >> >> On Wed, Apr 27, 2016 at 6:54 PM, That One Guy /sarcasm < >> thatoneguyst...@gmail.com> wrote: >> >>> I know its bad practice, I normally enjoy turning customers off, it >>> makes me feel godlike and powerful, alot of times when i get to shut one >>> off i go upstairs and drag mu woman from her bed by her hair to the kitchen >>> to make me a sammich. but for whatever reason i like this customer >>> >>> On Wed, Apr 27, 2016 at 5:31 PM, Eric Kuhnke <eric.kuh...@gmail.com> >>> wrote: >>> >>>> Spam and botnet activity is far more harmful to the health of your >>>> network and the IP reputation of your netblocks than anything DMCA related. >>>> >>>> >>>> torrents and DMCA notifications don't hurt the network. Knowingly >>>> leaving something that is a repository of virii/worms/trojans online is >>>> just bad practice. >>>> >>>> >>>> On Wed, Apr 27, 2016 at 7:09 AM, That One Guy /sarcasm < >>>> thatoneguyst...@gmail.com> wrote: >>>> >>>>> We have a particular customer, We have been getting tons of abuse >>>>> reports on their static IP, I assume we will never be able to wash this >>>>> sullied IP clean. Theyre not really doing any harm to our network, or >>>>> impacting others on the network, they are in full breach of our TOS, thats >>>>> for sure. suprisingly, its primarily spam and botnet activity, but no >>>>> DMCA. >>>>> >>>>> Is there any liability on us as an ISP to not address this >>>>> affirmatively with the customer. Im going to contact them, may offer a >>>>> leased fortigate UTM option. But if there isnt a resolution, other than >>>>> their static IP residing on every blacklist can we get nailed? >>>>> >>>>> Its a good customer, pays their bill on time, worked with us through a >>>>> service issue without the usual "gimme discounts and free shit or im going >>>>> elsewhere" I dont want to HAVE to disconnect them if im not required to >>>>> and >>>>> theyre not impacting others if they cant or wont resolve the issues >>>>> >>>>> -- >>>>> If you only see yourself as part of the team but you don't see your >>>>> team as part of yourself you have already failed as part of the team. >>>>> >>>> >>>> >>> >>> >>> >>> -- >>> If you only see yourself as part of the team but you don't see your team >>> as part of yourself you have already failed as part of the team. >>> >> >> > > -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.