<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 05/27/16 15:11, Pete Mundy wrote:<br>
</div>
<blockquote
cite="mid:FF1C55DC-8A2B-4B72-B22A-B5F90C5ED4B2@fiberphone.co.nz"
type="cite">&lt;snip&gt;<br>
One particular message from the thread that sums it up well is
quoted below. But there are others, so it's worth reviewing
the entire thread.<br>
&lt;snip&gt;<br>
<div class=""><br class="">
</div>
<div class="">On 6/05/2016, at 8:45 am, Mark Smith &lt;<a
moz-do-not-send="true" href="mailto:markzzzsmith@gmail.com"
class=""><a class="moz-txt-link-abbreviated" href="mailto:markzzzsmith@gmail.com">markzzzsmith@gmail.com</a></a>&gt; wrote:</div>
<div class="">
<p dir="ltr" class="">On 5 May 2016 20:28, "Peter Fern" &lt;<a
moz-do-not-send="true" href="mailto:ausnog@0xc0dedbad.com"
class=""><a class="moz-txt-link-abbreviated" href="mailto:ausnog@0xc0dedbad.com">ausnog@0xc0dedbad.com</a></a>&gt; wrote:<br class="">
><br class="">
> What do the default firewalls look like on those modems?
Will we<br class="">
> suddenly find thousands of Windows PCs directly
accessible on the Internet?<br class="">
<br class="">
</p>
<p dir="ltr" class="">Possibly, and it doesn't matter.</p>
<p dir="ltr" class=""><a moz-do-not-send="true"
href="https://technet.microsoft.com/library/bb877979"
class="">https://technet.microsoft.com/library/bb877979</a></p>
<p dir="ltr" class="">Every version of Windows since then has
had a host firewall, mainly courtesy of this guy - <a
moz-do-not-send="true" href="http://www.huitema.net/bio.asp"
class=""><a class="moz-txt-link-freetext" href="http://www.huitema.net/bio.asp">http://www.huitema.net/bio.asp</a></a> (his "Routing In
The Internet" book is excellent).<br class="">
</p>
<p dir="ltr" class="">The easier target these days is the
unmaintained CPE itself, and they're much easier to find.</p>
<p dir="ltr" class=""><a moz-do-not-send="true"
href="http://routersecurity.org/bugs.php" class="">http://routersecurity.org/bugs.php</a></p>
<p dir="ltr" class="">People need to stop thinking that host
security is stuck in the 1990s/early 2000s. There are
instances where it is, but it is not universal.<br>
</p>
</div>
</blockquote>
<br>
I'll respond here where I didn't in the last thread due to the
immediate pile-on. Windows was intended as tongue-in-cheek, but was
obviously a poor example. How does this logic hold up if you
replace Windows with OSX, Linux, webcams, appliances, IoT devices,
toasters, etc? *Plenty* of devices do not ship/enable host
firewalls by default, and expose numerous services that are best
walled-off from the Internet.<br>
<br>
If the ISP has supplied a CPE, enables IPv6 without notification,
assistance, or recommendations, and the CPEs are inadequately
configured to protect users, then the expectations of risk for
(particularly less-savvy) end-users change dramatically. This
would seem to me to be a problem.<br>
<br>
There is some level of validity to the argument that larger address
space makes scanning more expensive, but when the scanning is being
done by swarms of zombies, that just slows the process (a lot,
granted), though there may be ways to improve the hit-rate there
too.<br>
<br>
<div class="moz-cite-prefix">On 05/27/16 15:18, Mark Andrews wrote:<br>
</div>
<blockquote cite="mid:20160527051859.979704A322DA@rock.dv.isc.org"
type="cite">It isn't the ISP's job.</blockquote>
<br>
That seems rather short-sighted, and additionally problematic if the
ISP supplies the CPE and configuration.<br>
<br>
<blockquote cite="mid:20160527051859.979704A322DA@rock.dv.isc.org"
type="cite"> If manufacturers are selling consumer equipment that
is incapable of being exposed to the net directly they should be
being fined for selling substandard products and be forced to
recall / provide updates.
</blockquote>
<br>
Except that this is far removed from reality.<br>
</body>
</html>