Eric wrote:
>
> What is clear is that the ISP has the ability to do certain things very
> easily and inexpensively that may be quite difficult for most customers
> to do. For example, using access-lists to deny non-established
> access to certain ports frequently scanned by script kiddies is quite
> easy to do.

But blocking non-established sessions assumes that the person
subscribing to the service doesn't want to offer services. It
also does nothing for UDP.

> On at least some Cisco routers, you can even associate access-lists with
> users on a user by user basis. It would be quite easy for ISPs using
> those routers to apply access-lists to those customers interested in
> greater security.

I believe those types of access lists, particularly in the number
required by an ISP, would have extremely adverse effects on router
performance.
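
An added example, not part of the original message or any router's code: a small Python model of the stateless "deny non-established" access list discussed above, evaluated against constructed packets to show what it stops, which subscriber service it also stops, and how UDP is treated. The ACL contents, the ports (23, 139, 51515) and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    dport: int
    flags: frozenset = frozenset()  # TCP flags; empty for UDP

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: str                      # "tcp", "udp", or "ip" for any protocol
    dport: Optional[int] = None
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if self.proto not in ("ip", p.proto):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        # Stateless check: "established" only looks for ACK or RST in the TCP header.
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True

def evaluate(acl, p: Packet) -> str:
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"                   # implicit deny at the end of the list

# Constructed inbound ACL toward one customer; ports 23 and 139 are sample values.
ACL = [Rule("permit", "tcp", established=True),
       Rule("deny", "tcp", dport=23),
       Rule("deny", "tcp", dport=139),
       Rule("permit", "ip")]

def demo():
    syn, ack = frozenset({"SYN"}), frozenset({"ACK"})
    return {
        "scan of tcp/139": evaluate(ACL, Packet("tcp", 139, syn)),
        "reply to customer's outbound session": evaluate(ACL, Packet("tcp", 51515, ack)),
        "client reaching customer's own tcp/23 service": evaluate(ACL, Packet("tcp", 23, syn)),
        "udp/139 probe": evaluate(ACL, Packet("udp", 139)),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{verdict:6}  {case}")
```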