[60142] in North American Network Operators' Group
Re: Blocking port 135?
daemon@ATHENA.MIT.EDU (Jared Mauch)
Fri Aug 1 15:05:07 2003
Date: Fri, 1 Aug 2003 14:50:49 -0400
From: Jared Mauch <jared@puck.Nether.net>
To: Adi Linden <adil@adis.on.ca>
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0308011335310.30966-100000@adibox.knet.ca>
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, Aug 01, 2003 at 01:37:21PM -0500, Adi Linden wrote:
> http://www.cert.org/advisories/CA-2003-19.html
>
> Would blocking port 135 at the network edge be a prudent preventative
> measure?
I've blocked these ports on my home network for
some time, just for insurance reasons to make sure that I
don't accidentally have something "bad" happen.
I don't think you will see providers doing widescale filtering
ala the ms-sql slammer situation though.
I've actually been considering the ethics of sending
winpopup "spam" to send people to the windows update website.
I think that the most important thing to do is to remind
users to (and how to) download all the latest patches
for their system. And that it's worth the download time and effort.
This is something that the lurking reporters can do for the good
of the internet, encourage your readers to visit
windowsupdate.microsoft.com. If your website does pop-up ads,
consider windowsupdate.microsoft.com in your rotation :)
- Jared
--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
