North American Network Operators Group

RE: zotob - blocking tcp/445

  • From: Erik Amundson
  • Date: Tue Aug 16 02:58:31 2005

I've always been kind of conflicted with this issue.  I mean, providers
blocking traffic at all.

On the one hand, I'm a corporate customer, and if I'm being DOSed or
infected, I would want to be able to call my ISP and have it blocked.

On the other hand, I truly feel that I pay my ISPs to pass traffic, not
block it.

I guess it only bugs me when something is blocked and I didn't even ask
for it to be blocked...and then other stupid things are seeping through,
but are not blocked even when I ask!

If ISPs really wanted to make the Internet better for Corporate America,
I guess they'd unplug most of Asia...not block a port here and there
(but that isn't exactly acceptable).

Anyways, like I said, I'm conflicted...I change my mind every now and
then because both arguments make logical sense.

- Erik




-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Gadi Evron
Sent: Tuesday, August 16, 2005 12:58 AM
To: Christopher L. Morrow
Cc: [email protected]
Subject: Re: zotob - blocking tcp/445


[snip arguments]

> Do not become the internet firewall for your large customer base... 
> it's bad.
> 

Okay, so please allow me to alter the argument a bit.

Say we agreed on:
1. Security is THEIR (customers') problem, not yours.
2. You are not the Internet's firewall.

That would mean you would still care about:
1. You being able to provide service.
2. Your own network being secure (?)

In a big outbreak, not for the WHOLE Internet, I'd use whatever I can. 
It can easily become an issue of my network staying alive.

Blocking that one port then might be a viable solution to get a handle
on things and calm things down.

Naturally though you are right again, it is a case-by-case issue and can
not be discussed in generalities.

	Gadi.