RE: Port blocking last resort in fight against virus
Jack, et al.

As a larger than average end user and what could be called a small ISP, I really can not imagine legitimate traffic on 135. Who in their right mind would pass NB traffic in the wild? I dunno, maybe it is just that old military security mindset creeping into my brain housing group. Can someone enlighten me? What is legitimate 136 traffic?

J

-----Original Message-----
From: Jack Bates [mailto:jbates@brightok.net]
Sent: Tuesday, August 12, 2003 12:31 PM
To: Mans Nilsson
Cc: nanog@merit.edu
Subject: Re: Port blocking last resort in fight against virus

Mans Nilsson wrote:
Your chosen path is a down-turning spiral of kludgey dependencies, where a host is secure only on some nets, and some nets can't cope with the load of all administrative filters (some routers tend to take port-specific filters into slow-path). That way lies madness.
Secure? Who's talking about secure? I'm talking about trash. Not blocking the port with a large group of infected users means that your network sends trash to other people's networks. Those networks may or may not have capacity to mean your network's trash.

Temporarily blocking 135 is not about security. A single infection within a local net will infect all vulnerable systems within that local net. A block upstream will not save local networks from cross-infecting. However, it does stop your network from sending the trash out to other networks which may have smaller capacities than your network does.

Of course, perhaps a good neighbor doesn't really care about other people's networks? Perhaps there is no such thing as a good neighbor. It's kill or be killed, and if those other networks can't take my users' scanning them, then tough!

There is legitimate traffic on 135. All users I've talked to have been understanding in a short-term block of that port. They used alternative methods. I have a lot of valid traffic still cranking out the other Microsoft ports.

-Jack
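The trade-off Jack describes (a port-wide block stops the outbound scanning "trash", but it also cuts off the legitimate 135 users he mentions) can be narrowed by filtering only the hosts that are actually sweeping. The following is an added example, not code from the thread or from any of its participants: it runs a fan-out check over constructed flow records and emits per-host deny lines. The "src dst proto dport" record format, the 10-distinct-target threshold, the ACL number 101 and all sample addresses are assumptions made for the example.

```python
from collections import defaultdict

# Constructed flow records ("src dst proto dport"), not captured data:
# 10.1.1.5 sweeps TCP/135 across a /24 it has no business talking to (worm-like),
# 10.1.1.9 makes a few ordinary RPC/SMB connections to local servers,
# 10.1.1.7 is plain web traffic, and one line is malformed on purpose.
SAMPLE_FLOWS = (
    [f"10.1.1.5 192.0.2.{i} tcp 135" for i in range(1, 13)]   # 12 distinct targets
    + [
        "10.1.1.9 10.1.1.20 tcp 135",
        "10.1.1.9 10.1.1.20 tcp 445",
        "10.1.1.9 10.1.1.21 tcp 135",
        "10.1.1.7 198.51.100.9 tcp 80",
        "garbage line",
    ]
)


def parse_flows(lines):
    """Parse 'src dst proto dport' records; malformed lines are skipped, not fatal."""
    flows = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        src, dst, proto, dport = parts
        try:
            flows.append((src, dst, proto.lower(), int(dport)))
        except ValueError:
            continue  # non-numeric port field
    return flows


def find_scanners(flows, port=135, min_targets=10):
    """Return {src: distinct_target_count} for sources that reached at least
    min_targets distinct hosts on TCP/port. A legitimate RPC client talks to a
    handful of servers; a worm sweeps whole ranges, so the fan-out separates them."""
    targets = defaultdict(set)
    for src, dst, proto, dport in flows:
        if proto == "tcp" and dport == port:
            targets[src].add(dst)
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


def suggest_acl(scanners, acl_number=101, port=135):
    """Render per-host deny lines in Cisco IOS extended-ACL syntax for the flagged
    sources only, leaving other customers' TCP/135 untouched. The ACL number is an
    assumed placeholder; the operator still needs a permit for the remaining traffic."""
    return [
        f"access-list {acl_number} deny tcp host {src} any eq {port}"
        for src in sorted(scanners)
    ]


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    scanners = find_scanners(flows)
    print("parsed", len(flows), "flows; flagged:", scanners)
    for line in suggest_acl(scanners):
        print(line)
```

The threshold is the knob that matters: a customer's RPC client reaching two or three servers never trips it, while a sweeping host does within seconds. Because only flagged hosts get a line, the resulting filter stays short, which also matters on the routers Mans mentions that push port-specific filters onto the slow path.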
As a larger than average end user and what could be called a small ISP, I really can not imagine legitimate traffic on 135. Who in their right mind would pass NB traffic in the wild?
the days of giving intelligence tests to customers are long gone. the job of an isp is to deliver packets. maybe your customer is foolish. but break their ceo's access and you're their ex-isp.

randy
At 11:40 -0700 8/12/03, Randy Bush wrote:
As a larger than average end user and what could be called a small ISP, I really can not imagine legitimate traffic on 135. Who in their right mind would pass NB traffic in the wild?
the days of giving intelligence tests to customers are long gone. the job of an isp is to deliver packets. maybe your customer is foolish. but break their ceo's access and you're their ex-isp.
randy
My experience seems to be that as the ISP we're blamed when a subscriber gets a virus, because after all it's our network that sent the customer the virus.

-- Mike
On Tue, 2003-08-12 at 15:01, Mike Jezierski - BOFH wrote:
My experience seems to be that as the ISP we're blamed when a subscriber gets a virus, because after all it's our network that sent the customer the virus.
Catch 22 ... Block the virus, get accused of being a censor. Allow the virus, get accused of being a carrier... *sigh*
-- 
Jason H. Frisvold
Backbone Engineering Supervisor
Penteledata Engineering
friz@corp.ptd.net
RedHat Engineer - RHCE # 807302349405893
Cisco Certified - CCNA # CSCO10151622
MySQL Core Certified - ID# 205982910
---------------------------
"Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." -- Albert Einstein [1879-1955]
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of McBurnett, Jim

... I really can not imagine legitimate traffic on 135.
My problem with this approach is that, in 1985, you could have said "I really cannot imagine legitimate traffic on port 80". (On the other hand, you could probably say that today and be mostly right.)

Matthew Kaufman
matthew@eeph.com