Providers removing blocks on port 135?

Owen DeLong owen at delong.com
Fri Sep 19 17:23:28 UTC 2003


OK... Obviously, you need to do what you need to do to keep things
running.  However, that should be a temporary crisis response.  If your
equipment is getting DOS'd for more than a few months, we need to find
a way to fix a bigger problem.  Permanently breaking some service
(regardless of what we think of it.  Personally, I'll be glad to see M$
go down in flames) is _NOT_ the correct answer.

Owen


--On Friday, September 19, 2003 10:14 AM -0700 Matthew Kaufman <matthew at eeph.com> wrote:

> I agree entirely with this. You shouldn't call yourself an ISP unless you
> can transport the whole Internet, including those "bad Microsoft ports",
> between the world and your customers.
>
> On the other hand, what's a provider to do when their access hardware
> can't deal with a pathological set of flows or arp entries? There isn't a
> good business case to forklift out your DSLAMs and every customer's
> matching CPE when a couple of ACLs will fix the problem. For that matter,
> there isn't a very good business case for transporting Nachi's ICMP
> floods across an international backbone network when you can do a bit of
> rate-limiting and cut your pipe requirements by 10-20%.
>
> Matthew Kaufman
> matthew at eeph.com
>
>> -----Original Message-----
>> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On
>> Behalf Of Owen DeLong
>> Sent: Friday, September 19, 2003 10:03 AM
>> To: Jack Bates; Adam Hall
>> Cc: 'nanog at nanog.org'
>> Subject: Re: Providers removing blocks on port 135?
>>
>>
>>
>> FWIW, my opinion is that blocking this at the customer edge
>> per customer request is fine.  Any other blocking by an ISP
>> is damage and should be routed around like any other internet damage.
>>
>> Owen
>>
>




