From: "Sean Donelan"
So far the Deloder worm appears to be responding to normal congestion feedback controls, limiting its network impact. Like CodeRed, Nimda, etc., some edge providers may need to implement network controls due to scanning activities causing cache busting, but I suspect most network backbones will not need to do anything.
I agree. It will mostly be useful at edge networks to spot outbound traffic of possibly infected users. 445 should normally be very light, and I suspect that 99% of the systems issuing the traffic will be found to be infected with at least one worm or virus, and probably have more security issues. My last 445 spewing customer had 3 back door programs, 5 viruses, and 2 worms. It was, of course, a school computer.

The problem with blocking is if you decide to remove the blocks. Upon removal of 1434 from my EBGP routers, I immediately saw 3 systems infected and start spewing. One of them, scarily, was a dialup while another was on a transit customer's network and, of course, shut him down. If we protect the customer, the customer won't fix the problem. Blocks always have to be used with caution because of this.

-Jack
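
The outbound watch described in the reply above, as an added example that is not part of the original messages: it flags internal sources that contact many distinct external hosts on 445/tcp or 1434/udp within one time window. The flow-record format, the `10.0.0.0/8` customer range, the 60-second window and the threshold of 20 destinations are all assumptions made for illustration, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example (not from the original messages):
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # customer address space
WATCHED = {("tcp", 445), ("udp", 1434)}               # ports named in the thread
WINDOW_SECONDS = 60
MAX_DISTINCT_DSTS = 20                                # per source, per window

def is_internal(addr):
    return any(ipaddress.ip_address(addr) in net for net in INTERNAL_NETS)

def parse_flow(line):
    """Parse 'epoch src dst proto dport'; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts, dport = int(parts[0]), int(parts[4])
        for addr in parts[1:3]:
            ipaddress.ip_address(addr)                # validate both addresses
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3].lower(), dport

def find_scanners(lines):
    """Return {(src, proto, port): peak distinct external dsts in one window}."""
    buckets = defaultdict(set)    # (src, proto, port, window index) -> dsts
    for line in lines:
        flow = parse_flow(line)
        if flow is None or (flow[3], flow[4]) not in WATCHED:
            continue
        ts, src, dst, proto, dport = flow
        if not is_internal(src) or is_internal(dst):
            continue              # only outbound traffic crossing the edge
        buckets[(src, proto, dport, ts // WINDOW_SECONDS)].add(dst)
    peaks = defaultdict(int)
    for (src, proto, dport, _), dsts in buckets.items():
        peaks[(src, proto, dport)] = max(peaks[(src, proto, dport)], len(dsts))
    return {k: n for k, n in peaks.items() if n > MAX_DISTINCT_DSTS}

def sample_flows():
    """Constructed records: a 445 scanner, a 1434 scanner, one quiet host."""
    base = 1047000000
    flows = [f"{base + i} 10.1.2.3 198.51.100.{i + 1} tcp 445" for i in range(40)]
    flows += [f"{base + i} 10.1.5.5 203.0.113.{i + 1} udp 1434" for i in range(30)]
    flows += [f"{base + i} 10.1.2.9 192.0.2.10 tcp 445" for i in range(40)]
    flows += ["garbage line", f"{base} 198.51.100.7 10.1.2.9 tcp 445"]
    return flows
```

Counting distinct destinations rather than packets keeps a host that talks heavily to one file server below the threshold while a scanning host stands out.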