Port blocking last resort in fight against virus
Mans Nilsson
mansaxel at sunet.se
Tue Aug 12 15:50:38 UTC 2003
Subject: Re: Port blocking last resort in fight against virus
Date: Tue, Aug 12, 2003 at 10:36:12AM -0500
Quoting Jack Bates (jbates at brightok.net):
>
> Is it just me that feels that blocking a port which is known to be used
> to perform billions of scans is only proper? It takes time to contact,
> clean, or suspend an account that is infected. Allowing infected systems
> to continue to scan only causes problems for other networks. I see no
> network performance issues, but that doesn't mean other networks won't
> have issues.
I have two faces, let's hear what they say:
"I am a network operator. I do not see issues with my network unless
somebody fills it up beyond capacity. Then I might ask somebody a
question as to why they are shoveling so many more packets than
usual. If it is a panic, I might null0 someone. I just want to keep
my network transparent."
"I am a systems administrator. Sometimes, there are security problems with
my operating systems of choice. Then, I fix those hosts that are affected,
and all is well. The network is not bothering me as long as it is
transparent."
Your chosen path is a down-turning spiral of kludgey dependencies,
where a host is secure only on some nets, and some nets can't cope
with the load of all administrative filters (some routers tend to
take port-specific filters into slow-path). That way lies madness.
--
Måns Nilsson Systems Specialist
+46 70 681 7204 KTHNOC
MN1334-RIPE
Oh my GOD -- the SUN just fell into YANKEE STADIUM!!