North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: zotob - blocking tcp/445
On 8/15/05 4:46 PM, "Randy Bush" <[email protected]> wrote: > >>>> I'm not nearly confident enough to decide on behalf of almost >>>> billion other people how they should benefit from the Internet >>>> and how not to. >>> thanks for that! >> Indeed. Also see >> http://www.iab.org/documents/docs/2003-10-18-edge-filters.html > > as i just replied to a private message from an enterprise op, > > o backbone isps can not set their customers' security policy > - some customers want to run billyware shares over the wan > whether we advise it or not > - some of us host security researchers, who have a taste > for 445 and other nasty traffic > While its not uncommon to run SMB/Windows file system drive mounts across private WANs, doing so across the Internet, on a non-encrypted tunnel, is the equivalent of running with scissors. I am unaware of any enterprise security folks foolish enough to allow that. Of course, I may be sheltered. (as an aside - running windows file system mounts across enterprise WANs is so common that there are WAN optimization devices that improve remote disk mount performance via protocol spoofing) - Dan > o enterprise / site ops can set their users' security policies > as that's part of their job and charter > > randy >
|