On Feb 4, 2011, at 5:26 PM, Jack Bates wrote: > On 2/4/2011 6:27 PM, Owen DeLong wrote: >>> Hell, even without CPE doing it, many residential ISPs (regardless of NAT) >>> block inbound traffic to consumers. >>> > >> Really? And they have subscribers? Surprising. >> > > Mark Andrews wrote: >> I run machines all the time that don't have firewall to protect >> them from the big wide world out there. I suspect we all do. Your >> not behind a external firewall when you are at NANOG or IETF. >> Everyone doesn't suddenly get "owned" because there isn't a external >> firewall. Modern OS's default to secure. > > Yes, and some of you thanked us for blocking RPC in the ISP or in the cable > modems. Many such blocks are still in place in many ISPs as there was no > reason to ever remove them. TCP/25 outbound is often blocked in many > locations as well. Just because you don't notice the firewall, doesn't mean > it doesn't exist. We stay in business when you don't notice. :) > > > Jack
True... If you review the NANOG archives you'll find that at least in the case of the port 25 absurdity, I have noticed and have railed against it. Owen