zotob - blocking tcp/445

Andy Johnson andyjohnson at ij.net
Wed Aug 17 15:43:22 UTC 2005


	I think the point of many on this list is, they are a transit provider, 
not a security provider. They should not need to filter your traffic, 
that should be up to the end user/edge network to decide for themselves.

	Additionally, content filtering is great for those type of end-user 
folks, as this solution wouldn't be so difficult to scale for their 
traffic volumes. However, trying to content filter a transit provider is 
probably not a great idea.

William Warren wrote:
> 
> I may be off base here.  Can't an ips look at the traffic; say on 443 
> and figure out whether the traffic is malicious or not?  If so then let 
> it filter it.  I know IPS's aren't perfect, but, i would prefer this 
> router be taken, if available and sensible including network outage or 
> DDOS, than a hard block.  A quick block to mitigate and then an IPS rule 
> installed AFTER through investigation of the traffic could lessen the 
> load and maybe eliminate the malicious traffic without having to use a 
> hard block.  I know most here prefer not to..i am not saying this is a 
> let's block is all thread, just trying to throw out something i do not 
> see being discussed.



More information about the NANOG mailing list