[olug] Cox and Web Servers

William E. Kempf williamkempf at hotmail.com
Thu Oct 10 14:41:41 UTC 2002 

From: "Phil Brutsche" <phil at brutsche.us>
> William E. Kempf wrote:
>  >> It's not terrible business practice.
>  >
>  >
>  > Yes, it is.  They don't universally block port 80 (or the other
>  > ports), they only do so for non-business accounts.  That's
>  > unreasonably restrictive, and nothing but a ploy to milk their
>  > customers of more money.
>
> Think about it this way:
>
> 1) Something like Nimda hits a bunch of computers
> 2) Cox's network goes to crap due to all the traffic
> 3) People say "Cox is just d*** slow, I'm switching to DSL!"
> 4) Ooops, lost business

Again, this doesn't hold water for several reasons:

1) Few people run web servers.

2) Other services that ARE offered by Cox are much more likely to cause
these problems.  For instance, you're much more likely to be attacked by a
worm or trojan simply by using e-mail, and such attacks can just as quickly
bring Cox's service to it's knees.

3) Blocking the ports does not prevent people from running web servers,
which means that blocking ports has done nothing (or at least very little)
in the way of protecting Cox from such situations.

> Or another way:
>
> 1) Something like Nimda hits
> 2) Cox's support is overwhelmed by clueless twits asking what's wrong
> 3) Support costs just went up
> 4) Ooops, just lost some money

This would be better handled through so many other mechanisms.

> Oh, and business accounts are much more likely to be running servers.

Which is relevant how?

> I won't mention how running a server is against their AUP.

Not that I can determine.  And if it is, that's a shaky legal issue that
will be awfully hard to enforce.  For one thing, "server" is a bit nebulous.
MS Netmeeting, by one school of thought, could be considered a server, for
instance (and yes, I'm a programmer, so I do know what the true definition
of server is from a technical stand point, but legally it's not so cut and
dried).  And again, I can name so many services that Cox has no problems
with that cause more of a security and bandwidth concern then a web server
run for personal use.

>  >> It's smart security, in the face of Nimda and Code Red.
>  >
>  >
>  > That's a security issue for the user, and their responsibility if
>  > they choose to run such servers.  That's not relevant to Cox.
>
> Not all users choose to run a web server.  Sometimes it's installed for
> them, without their knowledge.  Sometimes they install it and forget
> about it, and sometimes they simply don't care.

I'm willing to bet there are very few people running a web server accessable
to the outside world who aren't aware that they are.

Bill Kempf

More information about the OLUG mailing list