[60439] in North American Network Operators' Group
Re: Port blocking last resort in fight against virus
daemon@ATHENA.MIT.EDU (Jack Bates)
Tue Aug 12 11:36:49 2003
Date: Tue, 12 Aug 2003 10:36:12 -0500
From: Jack Bates <jbates@brightok.net>
To: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.44.0308121059360.7051-100000@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
Sean Donelan wrote:
>
> http://computerworld.co.nz/webhome.nsf/UNID/BEC6DE12EC6AE16ECC256D8000192BF7!opendocument
>
> "While some end users are calling for ISPs to block certain ports relating
> to the Microsoft exploit as reported yesterday (Feared RPC worm starts to
> spread), most ISPs are reluctant to do so."
>
Is it just me that feels that blocking a port which is known to be used
to perform billions of scans is only proper? It takes time to contact,
clean, or suspend an account that is infected. Allowing infected systems
to continue to scan only causes problems for other networks. I see no
network performance issues, but that doesn't mean other networks won't
have issues.
-Jack
