how-to block ads
|
|
Uniqs:
58 |
Share Topic
 |
 |
|
|
 NevsterPremium
join:2002-04-06
Dalhousie, NB | It's not about YOU. If you find your traffic filtered, try, if you can, not taking it personally. The ISP has to do something to keep their mailservers intact and their HFC plants unsaturated and their routers from barfing. Occasionally, this impacts what you want to do. The ISP understands this. The ISP often regrets this. The ISP hopes that you'll figure out a way around it.
My ISP (who happens to be run by me, so I'm pretty comfy that the following are true):
...tries to not interfere with anybody's functionality...
...but has to take some action to keep things running well...
...and has a limited amount of time in the day...
...and an infinite amount of possible problems...
...can't ignore everything because the network will go to heck...
...can't protect against everything cuz it's impossible...
...wishes to not make problems for itself...
-----
In other words, when I see a problem that I can fix without anybody noticing that there's a filter/restriction, etc, I feel I've succeeded. Of course, I don't get any thanks for this. But, when I filter out ICMP echo/reply of length 92 as per cert.org recommendations... oi.
I might point out that ISPs who care are really trying to protect themselves from problems that USERS-LIKE-YOU are causing, but not necessarily YOU. They can't tell if YOU might get a virus tomorrow, even though YOU don't have one today, and they don't have unlimited resources or nifty software that can pick only on problems that currently exist then test to see when they don't exist any more.
Sometimes they have to make a blanket policy so that they can go on with whatever it is they were going on about before they got interrupted by the newest exploit. They're not happy about all the bitching and moaning that happens either, but they accept that it's going to come, and that's how the world works, and life goes on. They DO care about YOU and YOUR big picture. They might also care YOUR immediate problem, but decided that it's something that YOU will have to deal with.
But, feel free to try to change their mind if you wish. 
-nevin | |
| I completely agree and second everything Nevster has stated. I too help run a small ISP out of Texas, and I can tell you it is not easy battling day to day battles with constant problems that plague the network as a result of misuse and ignorance by users. It is very easy for people to say, "I think ISP's should allow all traffic to flow and there should be no capping, etc, etc.". However, what users do not understand is that the network equipment and resources to provide the bandwidth are extremely expensive and it is unrealistic for people to think that ISPs can just "open up their networks completely" and everything should be hunky doory. With a fully open network, all it takes is a couple of nasty viruses to bring a network down to its knees and plug up all of the available bandwidth so that traffic can not pass through. Then, ALL users suffer. It takes a small army of technicians to stay on top of what is going on at all times and monitor for problems and adjust as need be. I suffer many of sleepless nights to work through issues so that myself and my team can ensure 100% network up-time and so that users can happily use their connections that I feel they often take for granted. Before running a ISP, I worked for 10 years in the telephone industry and I engineered and operated large Central Office sites for a couple of different major local phone companies. I can tell you this, the complexity of providing High-Speed Inet service is 20x that of providing phone service over a phone network, and the problems are never ending. It is a miracle that we can keep customers connected to the internet with zero downtime considering the non-stop battles we constantly have to deal with. I just wish users would try and consider this when they want to complain about their ISPs shutting down services that are not service affecting.
And to further clarify, you CAN block ICMP echo and reply protocols while still allowing all of the important ICMP traffic that could possibly need to pass for sucessfull operation of any and all services over the web, including Tracert. It is just a matter of explicitly blocking and permitting individual ICMP protocol packet types. | |
|
