North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: zotob - blocking tcp/445

  • From: Gadi Evron
  • Date: Tue Aug 16 00:36:39 2005 
Randy Bush wrote:

I'm not nearly confident enough to decide on behalf of almost
billion other people how they should benefit from the Internet
and how not to.

thanks for that!

Indeed.  Also see
http://www.iab.org/documents/docs/2003-10-18-edge-filters.html

as i just replied to a private message from an enterprise op,

  o backbone isps can not set their customers' security policy
    - some customers want to run billyware shares over the wan
      whether we advise it or not
    - some of us host security researchers, who have a taste
      for 445 and other nasty traffic

  o enterprise / site ops can set their users' security policies
    as that's part of their job and charter

randy
I actually agree with you Chris and Steven. Point is though, that in a HUGE outbreak - sometimes you might even have to cause a self-DDoS and kill some of your services to parts of your networks or at all, to keep your net alive, not to mention secure.

As immediate critical measures, blocking tcp/445 might be an acceptable solution. Nobody is talking about censoring the Internet.

I believe that blocking port 445 is Good, just like I believe it will not get done by most and for Good reasons.

Every solution has its good applications - sometimes short-term, even Bad long term solutions. Thing is, how do they remain temporary rather than becoming perm.?

Gadi.