North American Network Operators Group


RE: zotob - blocking tcp/445

  • From: Church, Chuck
  • Date: Tue Aug 16 14:45:46 2005

 



On Mon, 15 Aug 2005, Church, Chuck wrote:

>
>
> >'enterprise security folks' are probably not the issue... The fact remains
> >that lots of folks DO do this :( There are quite a few folks between
> >'consumer' and 'enterprise' that do all manner of dumb things on the
> >Internet (where 'dumb' is equivalent to running smb shares across the
> >public network minus encryption/ipsec). It's their choice to do that, and
> >their network providers are expected/demanded to pass those packets for
> >them.
>
> >-Chris
>
> Surely the ratio of 'useful' traffic compared to 'junk' for a particular
> protocol must be considered.  What percentage of netbios entering a

on your piece of the network you can consider the ratio of pigs to birds,
or good to bad traffic or phases of the moon, it's your network do what
you will. I can say that if you have a vocal enough customer the blocks
won't last very long, or the customer will find another network to connect
to...

***  Rules are going to be different for residential vs. business
customers.  Business customers who aren't on crack probably know better
to block netbios in and out.  But residential customers, I think you'll
win more customers than lose by taking some proactive blocking measures.

> service provider's edge is intentional?  1%?  0.1%?  I'm guessing much
> less than that.  If 5 or 6 nines worth of a particular protocol entering
> or leaving an ISP's network is unintentional, and highly susceptible to
> viral activity, isn't it in our best interest to block it?  With proper

your best interest might be to do that sure... 'your network, your call'.

> notification to subscribers and instructions on setting up host-to-host
> PPTP/whatever, blocking netbios can solve a large bunch of issues....
>

please send me instructions for host-to-host pptp that my grandmother can
follow without help of techsupport.

*** Well, if your grandmother is already familiar with mapping drives and
modifying her lmhosts file....  :)