Is it time to block all Microsoft protocols in the core?
Darren Pilgrim
dmp at pantherdragon.org
Mon Jan 27 08:37:31 UTC 2003
Sean Donelan wrote:
> Should ISPs start blocking all Microsoft protocols in self-defense?
All of my routers block netbios, DHCP, and packets with improper source
addresses. But then I'm spending router memory and CPU cycles many
people don't have.
> Since many of users install database products just for local use, why
> does the database open up a network port on the initial
> installation? Wouldn't it be better to ask the user, or only open the
> network port if its being used?
> Its not just a Microsoft thing. SYSLOG opened the network port by
> default, and the user has to remember to disable it for only local
> logging.
I don't think it's so much of a problem of programs opening listen
sockets as it is a problem of admins not properly controlling their
networks and a certain software company pushing insecure features like
printing over the internet that refuse to work from behind a firewall
and have no direct proxy support.
More information about the NANOG
mailing list