North American Network Operators Group

Re: Port blocking last resort in fight against virus
Subject: Re: Port blocking last resort in fight against virus
Date: Tue, Aug 12, 2003 at 10:36:12AM -0500
Quoting Jack Bates ([email protected]):

> Is it just me that feels that blocking a port which is known to be used
> to perform billions of scans is only proper? It takes time to contact,
> clean, or suspend an account that is infected. Allowing infected systems
> to continue to scan only causes problems for other networks. I see no
> network performance issues, but that doesn't mean other networks won't
> have issues.

I have two faces, let's hear what they say:

"I am a network operator. I do not see issues with my network unless somebody fills it up beyond capacity. Then I might ask somebody a question as to why they are shoveling so many more packets than usual. If it is a panic, I might null0 someone. I just want to keep my network transparent."

"I am a systems administrator. Sometimes, there are security problems with my operating systems of choice. Then, I fix those hosts that are affected, and all is well. The network is not bothering me as long as it is transparent."

Your chosen path is a down-turning spiral of kludgey dependencies, where a host is secure only on some nets, and some nets can't cope with the load of all administrative filters (some routers tend to take port-specific filters into slow-path). That way lies madness.

--
Måns Nilsson Systems Specialist
+46 70 681 7204 KTHNOC MN1334-RIPE

Oh my GOD -- the SUN just fell into YANKEE STADIUM!!

Attachment: pgp00018.pgp