Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: zotob - blocking tcp/445

  • From: Andy Johnson
  • Date: Wed Aug 17 11:42:29 2005

I think the point of many on this list is, they are a transit provider, not a security provider. They should not need to filter your traffic, that should be up to the end user/edge network to decide for themselves.

Additionally, content filtering is great for those type of end-user folks, as this solution wouldn't be so difficult to scale for their traffic volumes. However, trying to content filter a transit provider is probably not a great idea.

William Warren wrote:

I may be off base here. Can't an ips look at the traffic; say on 443 and figure out whether the traffic is malicious or not? If so then let it filter it. I know IPS's aren't perfect, but, i would prefer this router be taken, if available and sensible including network outage or DDOS, than a hard block. A quick block to mitigate and then an IPS rule installed AFTER through investigation of the traffic could lessen the load and maybe eliminate the malicious traffic without having to use a hard block. I know most here prefer not to..i am not saying this is a let's block is all thread, just trying to throw out something i do not see being discussed.

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.