Subject: [IP] Re: My [Phil Karn] position on Comcastidiocy
________________________________________
From: Phil Karn [karn@ka9q.net]
Sent: Monday, January 21, 2008 5:09 PM
To: Suresh Ramasubramanian
Cc: 'Seth Finkelstein'; zwhite@darkstar.frop.org; arachnid@notdot.net; rsk@gsp.org; 'Karl Auerbach'; David Farber
Subject: Re: [IP] My [Phil Karn] position on Comcastidiocy

Suresh Ramasubramanian wrote:
>> How about where he advocates (as I do) the use of a general purpose
>> packet monitoring facility?
>
> You do that AFTER you block port 25, because
>
> 1. SMTP traffic direct from dynamic IP space is usually worm traffic, no
> sense in deep packet inspecting it all just to let through the << 1% of
> valid smtp traffic.

I think we might find some common ground here. My objection to port 25 blocking (and to blocking in general) comes from its involuntary, heavy-handed and arbitrary nature. Were customers able to remove such blocks, ideally through a web page without human assistance, my objections would dissipate. As long as the user retains control, I wouldn't even object to blocking 25 by default for each new customer.

I've long thought it would be a good idea for ISPs to provide general purpose, USER CONTROLLED packet filters on each broadband circuit, particularly in the downstream direction. I'd find such a filter quite useful in the event of a denial-of-service attack as a filter on my end cannot keep unwanted traffic from clogging my downstream link. User-provided filter configurations might even be useful in mitigating DoS attacks in a more automated and systematic way.

The basic issue is **CONTROL**. I absolutely insist that you, as an ISP, have no right to block incoming traffic that I want to receive. And I insist that you have no right to block outgoing traffic that my recipient wants to receive. And by "recipient" I mean "ultimate recipient", the human on the far end -- NOT their ISP nor anyone else in the middle.

An ISP's job is to deliver all wanted traffic as best it can, intact and without censorship even of TCP port numbers. Their only valid concern is congestion, but that's a separate subject.

I strongly resent ISPs (and people who work for ISPs) who tell me that I don't "need" to send or receive a particular kind of traffic or "need" to use the Internet in a certain way, and that I must do it in their "approved" way. And I strongly resent ISPs who feel it's too much trouble to distinguish between those who abuse the Internet and those who do not, so they treat everyone as guilty.

These attitudes convey the all-too-accurate impression that most ISPs treat their customers as children, that the ISPs "know what's best" for them, and that they do their paying customers a huge favor just by deigning to let them use their facilities.

-------------------------------------------