I'll bite..

----- Original Message -----
From: "William Allen Simpson" <wsimpson@greendragon.com>
To: <nanog@merit.edu>
Sent: Friday, February 21, 2003 2:25 PM
Subject: Re: M$SQL cleanup incentives

[snip]
I'm of the technical opinion that everyone will need to filter outgoing 1434 udp forever.

[snip]

Iljitsch van Beijnum wrote:
Maybe the best approach is to try and deliberately infect the entire local net every few minutes or so to detect new vulnerable systems while the people installing them are still on the premises.
Gosh, should we do that for every known virus/worm/vulnerability?
Which is it? Where do you draw the line between something that's big enough to block forever and something that's not worth tracking down? You lambast him for attempting a solution that is foolish to apply for every known possible problem where if your solution was applied as such, we'd have a Swiss-cheese internet in which any commonly used destination port is blocked due to the scads of IIS/bind/fingerd/ftpd/whatever worms. Have fun filtering.
Or maybe you don't actually own and/or have legal and financial accountability for your own network?
Or maybe he likes having a network his customers can actually use.

--Doug