[55315] in North American Network Operators' Group
Re: Is it time to block all Microsoft protocols in the core?
daemon@ATHENA.MIT.EDU (Darren Pilgrim)
Mon Jan 27 05:16:23 2003
Date: Mon, 27 Jan 2003 00:37:31 -0800
From: Darren Pilgrim <dmp@pantherdragon.org>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.44.0301270247250.18344-100000@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
Sean Donelan wrote:
> Should ISPs start blocking all Microsoft protocols in self-defense?
All of my routers block netbios, DHCP, and packets with improper source
addresses. But then I'm spending router memory and CPU cycles many
people don't have.
> Since many of users install database products just for local use, why
> does the database open up a network port on the initial
> installation? Wouldn't it be better to ask the user, or only open the
> network port if its being used?
> Its not just a Microsoft thing. SYSLOG opened the network port by
> default, and the user has to remember to disable it for only local
> logging.
I don't think it's so much of a problem of programs opening listen
sockets as it is a problem of admins not properly controlling their
networks and a certain software company pushing insecure features like
printing over the internet that refuse to work from behind a firewall
and have no direct proxy support.
