Providers removing blocks on port 135?

Jack Bates jbates at brightok.net
Fri Sep 19 20:07:51 UTC 2003


Owen DeLong wrote:

> Yes. I responded to this in a previous post. We must do what we must do
> temporarily to keep things running. However, breaking the net is not a
> long term solution. We must work to solve the underlying problem or it just
> becomes an arms-race where eventually, no services are useful.
> 

I agree, and as a point of fact, many ISPs allow their users to opt out 
of spam. The ability to opt out of port filtering is a little more 
difficult, but it is not impossible. Most authentication methods 
designed have support for telling connection equipment what security 
lists to use and how to treat a specific user. Some systems, like mine, 
do not run authentication models that support this, but I consider it 
very wise to change.

In my case, I will maintain a filter anywhere in the network that it is 
required in order to help protect the network and the users who rely 
upon the network. Currently, estimates show that removing port 135 at 
this junction would allow the current Blaster infected users to become 
infected with Nachi/Welchia, which has more network impact. Some 
segments, despite blocks, have already had small outbreaks which we had 
to eradicate. In addition, dialups have very little bandwidth to begin 
with. The amount of traffic generated on ICMP and 135 is currently high 
enough to severely cripple connectivity on an unprotected dialup account.

I do agree that it is a temporary measure. Yet, one must remember that 
each network has its own definitions of temporary, drastic, and 
appropriate. I now return you to contacting those infected users in your 
network. :)


-Jack



