RE: zotob - blocking tcp/445
> 'enterprise security folks' are probably not the issue... The fact remains that lots of folks DO do this :( There are quite a few folks between 'consumer' and 'enterprise' that do all manner of dumb things on the Internet (where 'dumb' is equivalent to running smb shares across the public network minus encryption/ipsec). It's their choice to do that, and their network providers are expected/demanded to pass those packets for them.
>
> -Chris

Surely the ratio of 'useful' traffic compared to 'junk' for a particular protocol must be considered. What percentage of netbios entering a service provider's edge is intentional? 1%? 0.1%? I'm guessing much less than that. If 5 or 6 nines worth of a particular protocol entering or leaving an ISP's network is unintentional, and highly susceptible to viral activity, isn't it in our best interest to block it? With proper notification to subscribers and instructions on setting up host-to-host PPTP/whatever, blocking netbios can solve a large bunch of issues....

Just my .02 though,
Chuck

On Mon, 15 Aug 2005, Church, Chuck wrote:

> > 'enterprise security folks' are probably not the issue... The fact remains that lots of folks DO do this :( There are quite a few folks between 'consumer' and 'enterprise' that do all manner of dumb things on the Internet (where 'dumb' is equivalent to running smb shares across the public network minus encryption/ipsec). It's their choice to do that, and their network providers are expected/demanded to pass those packets for them.
> >
> > -Chris
>
> Surely the ratio of 'useful' traffic compared to 'junk' for a particular protocol must be considered. What percentage of netbios entering a

on your piece of the network you can consider the ratio of pigs to birds, or good to bad traffic or phases of the moon, it's your network do what you will. I can say that if you have a vocal enough customer the blocks won't last very long, or the customer will find another network to connect to...

> service provider's edge is intentional? 1%? 0.1%? I'm guessing much less than that. If 5 or 6 nines worth of a particular protocol entering or leaving an ISP's network is unintentional, and highly susceptible to viral activity, isn't it in our best interest to block it? With proper

your best interest might be to do that sure... 'your network, your call'.

> notification to subscribers and instructions on setting up host-to-host PPTP/whatever, blocking netbios can solve a large bunch of issues....

please send my instructions for host-to-host pptp that my grandmother can follow without help of techsupport.

participants (2)
- Christopher L. Morrow
- Church, Chuck