On 8/16/05, Gadi Evron <ge@linuxbox.org> wrote:
Randy Bush wrote:
Surely we realize that this discussion is not concerning the oft-repeated "Internet's Firewall" debate. It's about containing a potential worm/virus outbreak. Call it a network-wide quarantine.
surely you realize that this discussion is not about civil rights and the constitution, but about combatting terrorists.
To a level, it is.
Is combating terrorists bad? No one here would say no. Then it starts getting complicated when you discuss the HOW.
Over-protecting by first saying "no" because you fear potential "how's" is silly.
Fearing the HOW itself is legitimate.
Not every block is a censor, m'kay? Some censors are good - do you want to see kiddie porn on TV? Let us not make this a freedom of speech argument and go back to network issues.
You have say, 35K clients who will get infected in the next 2 days if you don't block port 445. Are you going to block it or are you going to let them get infected and infect others?
What if you are a transit provider that serves ebay, yahoo, and/or google and the worm is propagating over TCP port 80? If they have sufficient bandwidth and security mechanisms to protect themselves I can guarantee you that those enterprise customers would not want their upstream provider unilaterally dropping the traffic. I recognise that the service we are talking about here is typically used in file sharing, but people may even be using 445 for different services (as silly as it sounds). Where will the filtering end? Is your NSP/ISP responsible for filtering virii, spam, phishing? I'm not saying it wouldn't be nice, but considering the types of attacks we see, coupled with the fact that many enterprise customers are service providers themselves, providing service to yet other service providers, it is very difficult to take their decision-making power away.
That or I am missing something.
Gadi.