Port blocking last resort in fight against virus
Stephen J. Wilcox
steve at telecomplete.co.uk
Wed Aug 13 09:14:22 UTC 2003
On Wed, 13 Aug 2003, Mans Nilsson wrote:
> Subject: Re: Port blocking last resort in fight against virus Date: Wed, Aug 13, 2003 at 09:57:56AM +0100 Quoting Stephen J. Wilcox (steve at telecomplete.co.uk):
>
> > Sorry I see where you're coming from on this but firewalls are more than just
> > patches to broken OS's.
> >
> > In your world DoS traffic would be free to roam the networks as it pleased
> > without being throttled sensibly at ingress?
>
> Providing one makes people responsible for what their boxes (not
> aggregates of networks) cause, and enforces this, there will be no
> DoS traffic; given a perfect world.
What if the people running the boxes are irresponsible, perhaps even harboring
malicious intent
> Even in an imperfect world, the solution lies in the edge, not even
> the CPE, but the end node, if you want to do more than pathetic
> bandaiding of the inherent problem of insecure applications on end
> nodes.
I dont have control of all end nodes but I do control my edge.
Steve
More information about the NANOG
mailing list