On Tue, 12 Aug 2003, Jack Bates wrote:
Christopher L. Morrow wrote:
If people want to use the network they need to take the responsibility and patch their systems. Blocking should really only be considered in very extreme circumstances when your network is being affected by the problem, or if the overall threat is such that a short term network-wide block would help get over the hump.
Correct, and that's what I consider this; a short term network-wide block that would help get over the hump. While my network is stable, that doesn't mean everyone being scanned is stable. There are undoubtedly DOS conditions caused by this worm.
Each local network should make this decision on their own, the backbone should really only get involved if there is a real crisis. The local network has the ability to determine if the ports/protocols are being used legitimately, not the backbone. Just cause you'd have to be insane to use MS shares over the open internet doesn't mean there aren't people doing it :( (or selling Exchange mailboxes over it too apparently?). So, if in YOUR network you want to do this blocking, go right ahead, but I wouldn't expect anyone else to follow suit unless they already determined there was a good reason for themselves to follow suit. As an aside, a day or so of 5 minutely reboots teaches even the slowest user to find a firewall product and upgrade/update their systems, eh?