zotob - blocking tcp/445

• Previous message (by thread): zotob - blocking tcp/445
• Next message (by thread): zotob - blocking tcp/445
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 15 Aug 2005, Daniel Golding wrote:

>
>
> On 8/15/05 4:46 PM, "Randy Bush" <randy at psg.com> wrote:
>
> >
> >>>> I'm not nearly confident enough to decide on behalf of almost
> >>>> billion other people how they should benefit from the Internet
> >>>> and how not to.
> >>> thanks for that!
> >> Indeed.  Also see
> >> http://www.iab.org/documents/docs/2003-10-18-edge-filters.html
> >
> > as i just replied to a private message from an enterprise op,
> >
> >   o backbone isps can not set their customers' security policy
> >     - some customers want to run billyware shares over the wan
> >       whether we advise it or not
> >     - some of us host security researchers, who have a taste
> >       for 445 and other nasty traffic
> >
>
> While its not uncommon to run SMB/Windows file system drive mounts across
> private WANs, doing so across the Internet, on a non-encrypted tunnel, is
> the equivalent of running with scissors.

no one was arguing that... just like no one argues that riding a
motorcycle sans-helmet is stupid (or playing hockey without a helmet)

>
> I am unaware of any enterprise security folks foolish enough to allow that.
> Of course, I may be sheltered.

'enterprise security folks' are probably not the issue... The fact remains
that lots of folks DO do this :( There are quite a few folks between
'consumer' and 'enterprise' that do all manner of dumb things on the
Internet  (where 'dumb' is equivalent to running smb shares across the
public network minus encryption/ipsec). It's their choice to do that, and
their network providers are expected/demanded to pass those packets for
them.

-Chris

• Previous message (by thread): zotob - blocking tcp/445
• Next message (by thread): zotob - blocking tcp/445
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]