North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: zotob - blocking tcp/445
- From: routerg
- Date: Wed Aug 17 23:05:30 2005
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=rtsNtlzF/m+97z+dG72k9lVFAX19CE2wJ9xNpvup58sTNJUjZW44ai5e2Bb7+wBqu2gTz624NRBvSaSCy8CP+FXSAiI5TqGbY3bHUygT+Lj2ICu655ScaO484cDdJgs0GunONctcituP9SpFzXsf7f+CHw9+PCo75q1F42UDthg=
On 8/16/05, Gadi Evron <email@example.com> wrote:
> Randy Bush wrote:
> >>Surely we realize that this discussion is not concerning the oft
> >>repeated "Internet's Firewall" debate.
> >>Its about containing a potential worm/virus outbreak. Call it a network
> >>wide quarantine.
> > surely you realize that this discussion is not about civil rights
> > and the constitution, but about combatting terrorists.
> To a level, it is.
> Is combating terrorists bad? No one here would say no. Then it starts
> getting complicated when you discuss the HOW.
> Over-protecting by first saying "no" because you fear potential "how's"
> is silly.
> Fearing the HOW itself is legitimate.
> Not every block is a censor, m'kay? Some censors are good - do you want
> to see kiddie porn on TV? Let us not make this a freedom of speech
> argument and go back to network issues.
> You have say, 35K clients who will get infected in the next 2 days if
> you don't block port 445. Are you going to block it or are you going to
> let them get infected and infect others?
What if you are a transit provider that serves ebay, yahoo, and/or
google and the worm is propogating over TCP port 80? If they have
sufficient bandwidth and security mechinisms to protect themselves I
can guarantee you that those enterprise customers would not want their
upstream provider unilaterally dropping the traffic. I recognise that
the service we are talking about here is typically used in file
sharing but people may even be using 445 for different services (as
silly as it sounds).
Where will the filtering end? Is your NSP/ISP responsible for
filtering virii, spam, phishing? I'm not saying it wouldn't be nice,
but considering the types of attacks we see coupled with the fact that
many enterprise customers are service providers themselves, providing
service to yet other service providers, it is very difficult to take
their decission making power away.
> That or I am missing something.