Re: Filters for dialup ppp/slip/shell (fwd)

Stephen Zedalis (tintype@exis.net)
Mon, 9 Dec 1996 18:38:52 -0500 (EST)

On Mon, 9 Dec 1996 patrick@value.net wrote:

> > But those type of filters should be put on your internet link so all of
> > your network - dialup users and servers - are protected. You wouldn't
> > want to put them on slip/ppp links would you?
>
> Correct.
>

Actually, you may want filters on BOTH. To be a good net citizen you
should not only protect your servers and users from the internet, but
you should also protect your servers and the internet from your users.
(This is actually recommended by CERT in the anti-spoofing and SYN
attack advisories and recommendations)

Hackers have a provider somewhere and I bet systems that have been
attacked wished that the hacker's provider had thought to put filters
on their dialup ports. Its alot easier to detect the source of an
intrusion if you can stop and/or log the attempt at the source.

Its a choice that needs to be made (performance vs. security) individually
by each provider. Besides, some PPP connections are another provider
whose customers you may not have direct control over.