alt Hacker NewsPretty much. I think there's also a responsibility on the part of the network owner to restrict obviously malicious traffic. Allow anonymous people to connect to your network and then perform port scans? I don't really want any traffic from your network then.
Yes, there are less scorched-earth ways of looking at this, but this works for me.
As always, any of this stuff is heavily context specific. Like you said: network admins need to be smart, need to adapt, need to know their own contexts.
Replies
gzread • today at 2:13 AM
Do you feel coffee shop WiFi should require you to scan your passport to connect, or that it shouldn't exist at all?
➕ show 1 reply
This is how you get really annoying restrictions on public networks, because some harmless traffic will inevitably be miscategorized by an overeager firewall/DPI system.
I’m not saying that there should be zero consequences for allowing bad traffic from your network, but there’s a balance, and I would hate a world in which your policy were more common.
Arguably we are already partially living in that world, as some companies are already blanket-banning entire countries, VPNs etc., rather than coming up with more fine-grained strategies or improving their authentication systems to make brute force login attempts harder. It’s incredibly annoying.