zotob - blocking tcp/445
Gadi Evron
ge at linuxbox.org
Tue Aug 16 05:35:03 UTC 2005
Randy Bush wrote:
>>>>I'm not nearly confident enough to decide on behalf of almost a
>>>>billion other people how they should benefit from the Internet
>>>>and how not to.
>>>
>>>thanks for that!
>>
>>Indeed. Also see
>>http://www.iab.org/documents/docs/2003-10-18-edge-filters.html
>
>
> as i just replied to a private message from an enterprise op,
>
> o backbone isps can not set their customers' security policy
>   - some customers want to run billyware shares over the wan
>     whether we advise it or not
>   - some of us host security researchers, who have a taste
>     for 445 and other nasty traffic
>
> o enterprise / site ops can set their users' security policies
>   as that's part of their job and charter
>
> randy
>

I actually agree with you Chris and Steven. Point is though, that in a
HUGE outbreak - sometimes you might even have to cause a self-DDoS and
kill some of your services to parts of your networks or at all, to keep
your net alive, not to mention secure.

As immediate critical measures, blocking tcp/445 might be an acceptable
solution. Nobody is talking about censoring the Internet.

I believe that blocking port 445 is Good, just like I believe it will
not get done by most and for Good reasons.

Every solution has its good applications - sometimes short-term, even
Bad long term solutions. Thing is, how do they remain temporary rather
than becoming perm.?

Gadi.