Currently, on our ingress, we block spoofed packets and common worm/trojan ports. We do that for all of our customers (residential DSL, dial-up, corporate DSL, and the data center hosted websites/servers). However, for me there are 2 ways to look at it: if I leave these worms to come in, they would consume our bandwidth and CPU, and on the other hand, it looks like we're giving a free service, which in a way uses up our resources.

It's the same for DDoS: if I stop it for a customer, I'm giving him a free service; if I don't, it's gonna wreck my network.

Personally, I block the illegitimate packets out of my network (egress), but that's because I owe this to the internet community, even if I am not getting paid for it.

I would like to know other providers' policy about this?
We have bogon filters in place to filter ingress traffic from our upstreams. As for blocking worms and other nasties, our views have changed with the increasingly hostile climate...

In the past we have taken the approach that a "service provider" should do exactly that - provide service. Since we didn't offer a managed firewall service, it was the responsibility of our customers to protect themselves and others from their infected machines. At the risk of pouring gas on the fire, I think we're all aware of how well this works in the face of Blaster, Nachi, Code Red, and others.

As it stands now, we attempt to block this type of traffic before it enters our network where possible. Not because we want to protect the 65 year-old retired school teacher who just signed up for his first DSL account with no firewall, no antivirus software, etc. Our focus is strictly to protect our access and distribution routers from having to deal with the flood of unnecessary collateral traffic associated with Grandpa** and his new fandangled internet thingy.
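The three border policies the thread touches on (anti-spoof checks on ingress and egress, bogon filtering from upstreams, and dropping known worm ports) can be expressed as one direction-aware decision function. This is an added example, not code from either poster; the provider prefixes and bogon list are constructed, and the worm ports are those used by Blaster (TCP 135 for the DCOM RPC exploit, TCP 4444 for its backdoor shell).

```python
import ipaddress

# Constructed: the provider's own address space (documentation prefixes).
OUR_PREFIXES = [ipaddress.ip_network(p)
                for p in ("203.0.113.0/24", "198.51.100.0/24")]
# Constructed bogon sample: private/reserved space that a legitimate packet
# arriving from an upstream should never carry as its source address.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4")]
# Ports Blaster used: TCP 135 (DCOM RPC) and TCP 4444 (its shell).
WORM_PORTS = {("tcp", 135), ("tcp", 4444)}


def in_any(addr, nets):
    """True if addr falls inside any network in nets."""
    return any(addr in n for n in nets)


def classify(direction, src, proto, dport):
    """Return (action, reason) for a packet seen at the border.

    direction: 'ingress' = arriving from an upstream,
               'egress'  = leaving from our customers toward the internet.
    The spoof test is mirrored: on ingress a packet claiming one of OUR
    addresses is spoofed; on egress a packet NOT from our space is spoofed
    (the BCP38-style filter the first poster applies out of courtesy).
    """
    s = ipaddress.ip_address(src)
    if direction == "ingress":
        if in_any(s, BOGONS):
            return ("drop", "bogon source")
        if in_any(s, OUR_PREFIXES):
            return ("drop", "spoofed: our own prefix arriving from upstream")
    elif direction == "egress":
        if not in_any(s, OUR_PREFIXES):
            return ("drop", "spoofed: non-customer source leaving our network")
    else:
        raise ValueError("direction must be 'ingress' or 'egress'")
    # Worm-port blocking applies in both directions: it protects the
    # access/distribution routers from the collateral scan traffic.
    if (proto, dport) in WORM_PORTS:
        return ("drop", f"worm port {proto}/{dport}")
    return ("permit", "")
```

Note that a port-based rule only removes the scan noise; it does nothing for worms such as Code Red that ride on a port (TCP 80) the provider cannot block.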