RE: zotob - blocking tcp/445
On Mon, 15 Aug 2005, Church, Chuck wrote:
'enterprise security folks' are probably not the issue... The fact remains that lots of folks DO do this :( There are quite a few folks between 'consumer' and 'enterprise' that do all manner of dumb things on the Internet (where 'dumb' is equivalent to running smb shares across
public network minus encryption/ipsec). It's their choice to do that, and their network providers are expected/demanded to pass those packets for them.
-Chris
Surely the ratio of 'useful' traffic compared to 'junk' for a
the particular
protocol must be considered. What percentage of netbios entering a
service provider's edge is intentional? 1%? 0.1%? I'm guessing much less than that. If 5 or 6 nines worth of a particular protocol entering or leaving an ISP's network is unintentional, and highly susceptible to viral activity, isn't it in our best interest to block it? With
on your piece of the network you can consider the ratio of pigs to birds, or good to bad traffic or phases of the moon, it's your network do what you will. I can say that if you have a vocal enough customer the blocks won't last very long, or the customer will find another network to connect to... *** Rules are going to be different for residential vs. business customers. Business customers who aren't on crack probably know better to block netbios in and out. But residential customers, I think you'll win more customers than lose by taking some proactive blocking measures. proper your best interest might be to do that sure... 'your network, your call'.
notification to subscribers and instructions on setting up host-to-host PPTP/whatever, blocking netbios can solve a large bunch of issues....
please send my instructions for host-to-host pptp that my grandmother can follow without help of techsupport. *** Well, if you grandmother is already familiar with mapping drives and modifying her lmhosts file.... :)
On Tue, 16 Aug 2005 13:44:27 CDT, "Church, Chuck" said:
*** Rules are going to be different for residential vs. business customers. Business customers who aren't on crack probably know better to block netbios in and out.
Whatever happened to the War On Drugs, anyhow? :) I think you're overestimating the security clue of most businesses. I'd *love* to be proved wrong by somebody citing a credible survey indicating that most businesses *are* Getting It Right....
On Tue, 16 Aug 2005 Valdis.Kletnieks@vt.edu wrote:
On Tue, 16 Aug 2005 13:44:27 CDT, "Church, Chuck" said:
*** Rules are going to be different for residential vs. business customers. Business customers who aren't on crack probably know better to block netbios in and out.
Whatever happened to the War On Drugs, anyhow? :)
I think you're overestimating the security clue of most businesses. I'd *love* to be proved wrong by somebody citing a credible survey indicating that most businesses *are* Getting It Right....
I think Sean Donelan had a survey he quoted a few months ago saying that most enterprises are still the den of iniquity... but I could have that backwards.
On Tue, 16 Aug 2005, Christopher L. Morrow wrote:
I think you're overestimating the security clue of most businesses. I'd *love* to be proved wrong by somebody citing a credible survey indicating that most businesses *are* Getting It Right....
I think Sean Donelan had a survey he quoted a few months ago saying that most enterprises are still the den of iniquity... but I could have that backward.
The average business and average home user have similar computer infection rates based on the data I saw on the ISP networks. Pretty much anyway you sliced the data, e.g. goverment, financial, marketing, education, health care, high tech, low tech, home users, etc have similar rates. Neither the size of the organization nor regulatory environment seems to be a factor. However, different individual organizations can have very different infection rates. What's interesting is within a particlar organization, the infection rate tends to be homogenous: either better or worse. Two companies in the same industry group can have dramatically different infection rates that persist for a long time. But when you add together all the companies in the industry group, the industry group average is the same across all the groups. Law of large numbers, regression to the mean, etc.
participants (4)
-
Christopher L. Morrow
-
Church, Chuck
-
Sean Donelan
-
Valdis.Kletnieks@vt.edu