Providers removing blocks on port 135?

Matthew Kaufman matthew at eeph.com
Fri Sep 19 17:32:21 UTC 2003


Well, we could start by having every ISP do what we do, which is to find
worm-infected customers inside our network and get them patched or turned
off. But that's a lot of work. (Especially when you've got a new worm to
track down every week)

The scary/unfortunate part to me is that these things never seem to go
away... Check your web server's log for the last hit from Code Red, for
instance. (6 minutes ago, from 203.59.48.139, on the server I just checked)

Matthew Kaufman
matthew at eeph.com

> -----Original Message-----
> From: Owen DeLong [mailto:owen at delong.com] 
> Sent: Friday, September 19, 2003 10:23 AM
> To: Matthew Kaufman; 'Jack Bates'; 'Adam Hall'
> Cc: nanog at nanog.org
> Subject: RE: Providers removing blocks on port 135?
> 
> 
> OK... Obviously, you need to do what you need to do to keep things
> running.  However, that should be a temporary crisis 
> response.  If your
> equipment is getting DOS'd for more than a few months, we need to find
> a way to fix a bigger problem.  Permanently breaking some service 
> (regardless
> of what we think of it.  Personally, I'll be glad to see M$ 
> go down in 
> flames)
> is _NOT_ the correct answer.
> 
> Owen
> 




More information about the NANOG mailing list