 From:  Alex Neuman van der Hans <alex at nkpanama dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Configuracion wireless en monowall
 Date:  Tue, 23 May 2006 18:09:02 -0500
Rolf Kutz wrote:
> How does using smtps or vpn reduce abuse, if I
> would be sending mail over my ISP's smtpd anyway?
> And pointing to webmail doesn't really help
> either.  The question is whether you want to
> offer _Internet_ access or _web_ access? Why not block
> everything but Port 80? Abuse can be done with
> ftp, ssh or netcat.
Because your ISP would then block you for abuse, and there would be an 
audit trail. People are free to offer services as they please, just as 
clients are free to purchase/use said services *if* they choose to. 
That's one of the uses of the captive portal page: to explain to your 
users what is or is not allowed on *your* network, which is *yours*, and 
not *theirs*. They are your *guests* and they *should* behave as such.
> A million flies can't be wrong? I really hate
> internet cafés where I can't even run putty or
> they even block ssh and I can't log into my
> servers. If they offer Internet they should
> deliver unfiltered IP. Next thing you know is they
> block you from "harmful" websites, too.
That's the beauty of it. You *choose* to go wherever you want to go or 
not depending on whether or not they give the service you want to receive.

In some countries there is a "due diligence" clause that requires 
internet café operators, libraries and such, in order to get a business 
license and/or permit, to install filters that will block any webpages 
that explicitly declare they are for adults only if minors are allowed 
entrance and/or provide some basic protection. They won't fine you if a 
kid walks in and bypasses your proxy, but they will fine you if you have 
absolutely no protection whatsoever.

It's not as much a matter of "censorship" as much as "responsibility".

I once had a conversation with a school sysadmin who was told by the PTA 
and whatever board of directors ran school policy that no filtering 
whatsoever was going to be installed in the school's systems because "a 
kid that's trusted becomes worthy of this trust", and that if you "begin 
by distrusting you will get untrustworthy kids". This is similar to the 
"closing specific ports" method of firewalling. You will find a lot of 
people agree that it's more practical to only open your firewall to 
traffic you actually *want* and *need* and not the other way around.

In fact, with m0n0, you could set up a different interface or vlan 
without all the protections we've mentioned and charge a premium 
(perhaps with more bandwidth). Again the market will take care of itself.

Oh, and by the way, the "million flies can't be wrong" argument is 
similar to the "straw man" logical fallacy; it doesn't really refute the 
point, it only provides us with enough information to know that *you*, 
personally, hate it when network operators have a point of view 
regarding what should and shouldn't be provided on their own networks 
that is different from your own.

Have a great day...