On Sun, 9 Mar 2003, Jonathan Claybaugh wrote:
> Are other people having problems with this right now? There doesn't seem to be very much traffic or information about this on any of the security lists (it is Sunday...). The last posted URL points to an impending storm...
> Other operators' opinions about blocking port 445 before this thing starts spreading faster than it already is?
Blocking ports in the core doesn't stop stuff from spreading. There are too many alternate paths in the core for systems to get infected through. In reality, backbones dropped 1434 packets as a traffic management practice (excessive traffic), not as a security management practice (protecting users). So far the Deloder worm appears to be responding to normal congestion feedback controls, limiting its network impact. Like CodeRed, Nimda, etc., some edge providers may need to implement network controls due to scanning activities causing cache busting, but I suspect most network backbones will not need to do anything.