[60477] in North American Network Operators' Group
Re: Port blocking last resort in fight against virus
daemon@ATHENA.MIT.EDU (Mans Nilsson)
Wed Aug 13 05:07:03 2003
Date: Wed, 13 Aug 2003 11:06:17 +0200
From: Mans Nilsson <mansaxel@sunet.se>
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: Petri Helenius <pete@he.iki.fi>, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0308130954090.11135-100000@MrServer>
X-synced-from: Pilsnet
Errors-To: owner-nanog-outgoing@merit.edu
--Bg2esWel0ueIH/G/
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Subject: Re: Port blocking last resort in fight against virus Date: Wed, Au=
g 13, 2003 at 09:57:56AM +0100 Quoting Stephen J. Wilcox (steve@telecomplet=
e.co.uk):
=20
> Sorry I see where you're coming from on this but firewalls are more than =
just=20
> patches to broken OS's.=20
>=20
> In your world DoS traffic would be free to roam the networks as it please=
d=20
> without being throttled sensibly at ingress?
Providing one makes people responsible for what their boxes (not
aggregates of networks) cause, and enforces this, there will be no
DoS traffic; given a perfect world.
Even in an imperfect world, the solution lies in the edge, not even
the CPE, but the end node, if you want to do more than pathetic
bandaiding of the inherent problem of insecure applications on end
nodes.
=20
--=20
M=E5ns Nilsson Systems Specialist
+46 70 681 7204 KTHNOC
MN1334-RIPE
My face is new, my license is expired, and I'm under a doctor's
care!!!!
--Bg2esWel0ueIH/G/
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
iD8DBQE/Of+J02/pMZDM1cURAva3AJ9zpkLeGstGtHCT4fgMtIeF/D0anwCfclqh
iDvqAqTAyZXwXlQjkYV4bEs=
=9Tmq
-----END PGP SIGNATURE-----
--Bg2esWel0ueIH/G/--
