Cost of Worm Attack Protection

Jared Mauch jared at
Thu Nov 13 17:59:30 UTC 2003

On Thu, Nov 13, 2003 at 10:58:38AM -0500, sgorman1 at wrote:
> Good point - then what is the cost of attempting to mitigate or handle attacks vs. doing nothing?

	I've found that they're usually higher than doing 
nothing at all.

	In the case of the fun in august, people who blocked the
microsoft ports that worms were spreading across (i mean newly
blocked them that is) saw increased support costs associated with
what was broken vs just leaving the network in the state it was.

	While the increased traffic and infection was a problem,
the network devices mostly yawned at the activity and the irate
customers who were (ab)using the network to use these MS RPC
features were quite vocal about the filtering.

	This also helped raise customer awareness that we can not
filter for them.  They must manage their devices in order to
keep their network secure or get cut off from our network.

	- Jared

(how i wish microsoft would release a stinking patch CD)

Jared Mauch  | pgp key available via finger from jared at
clue++;      |  My statements are only mine.

More information about the NANOG mailing list