North American Network Operators Group


Re: Port blocking last resort in fight against virus

  • From: Christopher L. Morrow
  • Date: Tue Aug 12 18:03:05 2003

On Tue, 12 Aug 2003, Jack Bates wrote:

>
> Christopher L. Morrow wrote:
>
> >
> > If people want to use the network they need to take the responsibility and
> > patch their systems. Blocking should really only be considered in very
> > extreme circumstances when your network is being affected by the problem,
> > or if the overall threat is such that a short term network-wide block
> > would help get over the hump.
>
> Correct, and that's what I consider this; a short term network-wide
> block that would help get over the hump. While my network is stable,
> that doesn't mean everyone being scanned is stable. There are
> undoubtably DOS conditions caused by this worm.

Each local network should make this decision on their own, the backbone
should really only get involved if there is a real crisis. The local
network has the ability to determine if the ports/protocols are being used
legitimately, not the backbone. Just cause you'd have to be insane to use
MS shares over the open internet doesn't mean there aren't people doing it
:( (or selling Exchange mailboxes over it too apparently?).

So, if in YOUR network you want to do this blocking, go right ahead, but I
wouldn't expect anyone else to follow suit unless they already determined
there was a good reason for themselves to follow suit. As an aside, a day
or so of 5 minutely reboots teaches even the slowest user to find a
firewall product and upgrade/update their systems, eh?