[56487] in North American Network Operators' Group


Re: Port 445 issues (was: Port 80 Issues)

daemon@ATHENA.MIT.EDU (Sean Donelan)
Sun Mar 9 17:58:36 2003

Date: Sun, 9 Mar 2003 17:58:02 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
In-Reply-To: <200303091711.52137.jonathan@prioritynetworks.net>
Errors-To: owner-nanog-outgoing@merit.edu


On Sun, 9 Mar 2003, Jonathan Claybaugh wrote:
> Are other people having problems with this right now?
> There doesn't seem to be very much traffic or information about this on any of
> the security lists (it is Sunday...).
> The last posted URL points to an impending storm...
>
> Other operators' opinions about blocking port 445 before this thing starts
> spreading faster than it already is?

Blocking ports in the core doesn't stop stuff from spreading.  There are
too many alternate paths in the core for systems to get infected through.
In reality, backbones dropped 1434 packets as a traffic management practice
(excessive traffic), not as a security management practice (protecting
users).

So far the Deloder worm appears to be responding to normal congestion
feedback controls, limiting its network impact.  Like CodeRed, Nimda, etc.,
some edge providers may need to implement network controls due to
scanning activities causing cache busting, but I suspect most network
backbones will not need to do anything.


