At 11:54 11/20/2000 -0500, Valdis.Kletnieks@vt.edu wrote:
I suspect that if a large percentage of Tier 1/2 carriers actually filtered ports 137 through 139, we'd not be seeing anywhere near the amount of QAZ and similar activity. And as has been pointed out, you can ALWAYS punch a hole in the filter for customers who like to live risky, or they can find other ways to tunnel their packets.
Well, we'd actually see a good deal of QAZ still, if Tier One was filtering it... QAZ primarily hunts in the same class C it lives in.

Aside from that, I certainly agree that it is not our job to dictate what our customers can or cannot do on the big-eye-nternet. What I also think is that it *is* our responsibility to maintain the sanctity of our networks. I don't see any customers up-in-arms because of the lack of directed broadcast services on most of our networks, and I think this situation is roughly analogous.

The point is this: 137-139 are used for NetBIOS and Samba, neither of which are secure (or even supported by their vendors, AFAIK) for use out on the Internet. I think we can all agree that anyone using them in that situation, shouldn't be.

---
Ben Browning <benb@oz.net>
oz.net Network Operations
Tel (206) 443-8000 Fax (206) 443-0500
http://www.oz.net/