[60441] in North American Network Operators' Group
Re: Port blocking last resort in fight against virus
daemon@ATHENA.MIT.EDU (Mans Nilsson)
Tue Aug 12 11:51:18 2003
Date: Tue, 12 Aug 2003 17:50:38 +0200
From: Mans Nilsson <mansaxel@sunet.se>
To: nanog@merit.edu
Cc: Jack Bates <jbates@brightok.net>
In-Reply-To: <3F39096C.3040608@brightok.net>
X-synced-from: Pilsnet
Errors-To: owner-nanog-outgoing@merit.edu
--ikeVEW9yuYc//A+q
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Subject: Re: Port blocking last resort in fight against virus Date: Tue, Au=
g 12, 2003 at 10:36:12AM -0500 Quoting Jack Bates (jbates@brightok.net):
>=20
> Is it just me that feels that blocking a port which is known to be used=
=20
> to perform billions of scans is only proper? It takes time to contact,=20
> clean, or suspend an account that is infected. Allowing infected systems=
=20
> to continue to scan only causes problems for other networks. I see no=20
> network performance issues, but that doesn't mean other networks won't=20
> have issues.
I have two faces, let's hear what they say:
"I am a network operator. I do not see issues with my network unless
somebody fills it up beyond capacity. Then I might ask somebody a
question as to why they are shoveling so many more packets than
usual. If it is a panic, I might null0 someone. I just want to keep
my network transparent."
"I am a systems administrator. Sometimes, there are security problems with=
=20
my operating systems of choice. Then, I fix those hosts that are affected,
and all is well. The network is not bothering me as long as it is=20
transparent."=20
Your chosen path is a down-turning spiral of kludgey dependencies,
where a host is secure only on some nets, and some nets can't cope
with the load of all administrative filters (some routers tend to
take port-specific filters into slow-path). That way lies madness.=20
--=20
M=E5ns Nilsson Systems Specialist
+46 70 681 7204 KTHNOC
MN1334-RIPE
Oh my GOD -- the SUN just fell into YANKEE STADIUM!!
--ikeVEW9yuYc//A+q
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
iD8DBQE/OQzO02/pMZDM1cURAndPAKCSQ42F79OOm73csWRpM9myaMpQSwCfXIjv
u/6QQvb2BmC5iTFfwZraaDw=
=G58b
-----END PGP SIGNATURE-----
--ikeVEW9yuYc//A+q--
