[60467] in North American Network Operators' Group


Re: Port blocking last resort in fight against virus

daemon@ATHENA.MIT.EDU (Sean Donelan)
Tue Aug 12 22:43:12 2003

Date: Tue, 12 Aug 2003 22:42:38 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
In-Reply-To: <E19mbG9-000Ij4-99@ran.psg.com>
Errors-To: owner-nanog-outgoing@merit.edu


On Tue, 12 Aug 2003, Randy Bush wrote:
> > Is it just me that feels that blocking a port which is known to be used
> > to perform billions of scans is only proper?
>
> the second, and important part of the, question is whether there
> are legitimate packets to that port which want to cross your border.
> for 135, i am not aware of any that should cross my site's border
> un-tunneled.

Who should determine what protocols can cross your site's border router?
You or your ISP (ignoring the fact a lot of people on this list are their
own ISP)?

80% or more of customers wouldn't notice if you blocked everything on
their connection except HTTP/HTTPS and DNS.  So why do ISPs let all
the other infection laden protocols reach their customers?

Fix spam - block port 25
Fix Slammer - block port 1434
Fix Blaster - block port 135
Fix KaZaA - block everything

I think filters/firewalls are useful.  I believe every computer should
have one.  I have several.  I just disagree on who should control the
filters.
