On Wed, 11 May 2005, Jon Lewis wrote:
On Wed, 11 May 2005, Christopher L. Morrow wrote:
Is there still justification for denying transit for ms-sql slammer ports?
probably not, but that's really a local-to-your-asn decision.
I dunno about that. I know it was more than a year ago, but at NANOG Miami, someone brought either SQL slammer or a vulnerable laptop and killed the network for a while. Running tcpdump on my notebook, I noticed fairly constant slammer probes while there. We still block it here, and the last time we accidentally removed that filter, a colo customer was promptly infected.
excellent, you made the choice for your asn... Joe should evaluate his network's risk/behaviour/profile and see if it's still relevant for him... much like he evaluates his requirements to recieve email from folks via the use of the SPEWS list, which blocks my mail servers :)