Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: zotob - blocking tcp/445

  • From: Gadi Evron
  • Date: Tue Aug 16 11:13:33 2005

> and again I point to the above rules. What your network can't handle
> 'scanning wise' is completely different from what the network I work on
> can handle.
>
> If your network is being jeopardized by some level of scanning then fix
> that, but that is a local decision. Blindly stating "large ISPs filter
> port X" is just disingenuous, there are certainly cases as exceptions,
> most of which end with the ISP in question saying: "Wow that was a lot
> more painful than we thought originally :("

I've been following the "don't be the Internet's firewall" thing, but I lost you now.

Quarantine works. Sorry, it does.

If your network can handle everything, that's great.

I have seen cases where people blocked entire countries for mitigation purposes, not to mention entire ISPs. Is that wise and/or good?

It worked for them for the time.

The point is reacting to a given situation. A reason not to do something would NOT be "because then people will not patch". I am sorry.

Nobody is arguing that the philosophy is bad. We even agree with you.
Where I strongly disagree is canceling this method out on ANY level, because that's just plain wrong.

It's simple, it works, and yesterday it worked for several "big ISPs". Would these ISPs generally block port 445? How is that relevant?

They just prevented their entire user-base from getting infected and their network from being DDoS'd and soon after becoming a DDoS source, by going the KISS way and reacting.

