Home page logo

nanog logo nanog mailing list archives

Re: Port blocking last resort in fight against virus
From: "Christopher L. Morrow" <chris () UU NET>
Date: Tue, 12 Aug 2003 21:59:59 +0000 (GMT)

On Tue, 12 Aug 2003, Jack Bates wrote:

Christopher L. Morrow wrote:

If people want to use the network they need to take the responsibility and
patch their systems. Blocking should really only be considered in very
extreme circumstances when your network is being affected by the problem,
or if the overall threat is such that a short term network-wide block
would help get over the hump.

Correct, and that's what I consider this; a short term network-wide
block that would help get over the hump. While my network is stable,
that doesn't mean everyone being scanned is stable. There are
undoubtably DOS conditions caused by this worm.

Each local network should make this decision on their own, the backbone
should really only get involved if there is a real crisis. The local
network has the ability to determine if the ports/protocols are being used
legitimately, not the backbone. Just cause you'd have to be insane to use
MS shares over the open internet doesn't mean there aren't people doing it
:( (or selling Exchange mailboxes over it too apparently?).

So, if in YOUR network you want to do this blocking, go right ahead, but I
wouldn't expect anyone else to follow suit unless they already determined
there was a good reason for themselves to follow suit. As an aside, a day
or so of 5 minutely reboots teaches even the slowest user to find a
firewall product and upgrade/update their systems, eh?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]