Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: zotob - blocking tcp/445

  • From: Erik Amundson
  • Date: Tue Aug 16 02:58:31 2005

I've always been kind of conflicted with this issue.  I mean, providers
blocking traffic at all.

On the one hand, I'm a corporate customer, and if I'm being DOSed or
infected, I would want to be able to call my ISP and have it blocked.

On the other hand, I truly feel that I pay my ISPs to pass traffic, not
block it.

I guess it only bugs me when something is blocked and I didn't even ask
for it to be blocked...and then other stupid things are seeping through,
but are not blocked even when I ask!

If ISPs really wanted to make the Internet better for Corporate America,
I guess they'd unplug most of Asia...not block a port here and there
(but that isn't exactly acceptable).

Anways, like I said, I'm conflicted...I change my mind every now and
then because both arguments make logical sense.

- Erik

-----Original Message-----
From: [] On Behalf Of
Gadi Evron
Sent: Tuesday, August 16, 2005 12:58 AM
To: Christopher L. Morrow
Subject: Re: zotob - blocking tcp/445

[snip arguments]

> Do not become the internet firewall for your large customer base... 
> it's bad.

Okay, so please allow me to alter the argument a bit.

Say we agreed on:
1. Security is THEIR (customers') problems, not yours.
2. You are not the Internet's firewall.

That would mean you would still care about:
1. You being able to provide service.
2. Your own network being secure (?)

In a big outbreak, not for the WHOLE Internet, I'd use whatever I can. 
It can easily become an issue of my network staying alive.

Blocking that one port then might be a viable solution to get a handle
on things and calm things down.

Naturally though you are right again, it is a case-by-case issue and can
not be discussed in generalities.


Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.