zotob - blocking tcp/445
Peter Dambier
peter at peter-dambier.de
Thu Aug 18 18:02:45 UTC 2005
Roger Marquis wrote:
>
> Andy Johnson wrote:
>
>> I think the point of many on this list is, they are a transit
>> provider, not a security provider. They should not need to filter
>> your traffic, that should be up to the end user/edge network to
>> decide for themselves.
>
>
> How is this different from a transit provider allowing their network
> to be used for spam? Seems the same hands-off argument was made wrt
> spam a decade ago but has since proved unsustainable.
>
> Our particular problem is with an ISP in Wisconsin, NETNET-WAN. We
> get tens of thousands of scans to netbios ports every day from their
> /19. This is several orders of magnitude more netbios than we see
>
>> from the rest of the net combined. It's eating nontrivial bandwidth
>
> and cpu that we pay real money for. They've had our logs for months
> but seem incapable of doing anything about their infected customers.
> The suits recommend documenting time and bandwidth costs and sending
> a bill with a cease and desist request.
>
> My question is not what can we do about bots, we already filter
> these worst case networks, but what can we do to make it worthwhile
> for bot-providers like NETNET to police their own networks without
> involving lawyers?
>
Route them through a modem using 4800 Baud. They will very soon look
what is eating their bandwidth and hopefully find those netbios packets.
Blocking port 445 will prevent me from using "ssh -p 455" to reach my
clients. Using 4800 baud will slow me down but it will not stop me working.
Does anyone really use port 22 for ssh? I cannot use it because of all
those wordbook attacks. Nobody cares to stop those.
Regards,
Peter and Karin Dambier
--
Peter and Karin Dambier
Public-Root
Graeffstrasse 14
D-64646 Heppenheim
+49-6252-671788 (Telekom)
+49-179-108-3978 (O2 Genion)
+49-6252-750308 (VoIP: sipgate.de)
+1-360-448-1275 (VoIP: freeworldialup.com)
mail: peter at peter-dambier.de
http://iason.site.voila.fr
http://www.kokoom.com/iason
More information about the NANOG
mailing list