North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Is it time to block all Microsoft protocols in the core?

  • From: Darren Pilgrim
  • Date: Mon Jan 27 03:39:58 2003

Sean Donelan wrote:

Should ISPs start blocking all Microsoft protocols in self-defense?
All of my routers block netbios, DHCP, and packets with improper source
addresses.  But then I'm spending router memory and CPU cycles many
people don't have.

Since many of users install database products just for local use, why
does the database open up a network port on the initial
installation? Wouldn't it be better to ask the user, or only open the
network port if its being used?
Its not just a Microsoft thing. SYSLOG opened the network port by default, and the user has to remember to disable it for only local logging.
I don't think it's so much of a problem of programs opening listen sockets as it is a problem of admins not properly controlling their networks and a certain software company pushing insecure features like printing over the internet that refuse to work from behind a firewall and have no direct proxy support.