@home

[Smith, Daniel E.]

The only thing that every one is forgetting is that in the @home contract is
says that you are forbidden to run a server on your cable modem connection.
So If you are, they do have the right by the contract to take away your
service. I know it sucks but that is why they have the more expensive @work,
and you can always get dsl. If you buy static ip's (about $120 a month) you
can do what ever you want.



-----Original Message-----
From: Daniel Pfile [mailto:pfiled at marietta.edu]
Sent: Thursday, August 23, 2001 4:46 PM
To: olug at bstc.net
Subject: Re: @home


BTW, my cable modem is a CyberSURFER Wave Modem. The thin dark grey one.

If this thing about only newer modems blocking port is true, that means the 
modems have the ability to block ports. There's also a web interface on 
those modems.

So it seems like the logical sane solution for cox at home, the internet, and 
the users is to:

1: Cap upstream to 256k (done, used to be good enough...)
2: Disable incomming ports for known insecure services in the cable modem
3: Allow a user to re-enable these ports with the modem's web interface
4: Disable the ability to turn on ports if the user is using a huge amount 
of bandwidth. You don't have to monitor trafic, SNMP should suffice, just 
if the user is using 90% of their upstream for 7 days solid, contact them, 
let the know the problem (a warning), if they continue, kill their ports.
-- or --
4: If the machine is reported used in a DOS/DDOS attack, block the ports to 
stop the attack and let the user know.

Not perfect, but I just woke up from a nap and I'm a bit groggy, so feel 
free to correct me.

-- Daniel