[60478] in North American Network Operators' Group
Re: Port blocking last resort in fight against virus
daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Wed Aug 13 05:14:58 2003
Date: Wed, 13 Aug 2003 10:14:22 +0100 (BST)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Mans Nilsson <mansaxel@sunet.se>
Cc: Petri Helenius <pete@he.iki.fi>, <nanog@merit.edu>
In-Reply-To: <20030813090617.GH61550@sunet.se>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 13 Aug 2003, Mans Nilsson wrote:
> Subject: Re: Port blocking last resort in fight against virus Date: Wed, Aug 13, 2003 at 09:57:56AM +0100 Quoting Stephen J. Wilcox (steve@telecomplete.co.uk):
>
> > Sorry I see where you're coming from on this but firewalls are more than just
> > patches to broken OS's.
> >
> > In your world DoS traffic would be free to roam the networks as it pleased
> > without being throttled sensibly at ingress?
>
> Providing one makes people responsible for what their boxes (not
> aggregates of networks) cause, and enforces this, there will be no
> DoS traffic; given a perfect world.

What if the people running the boxes are irresponsible, perhaps even harboring
malicious intent?

> Even in an imperfect world, the solution lies in the edge, not even
> the CPE, but the end node, if you want to do more than pathetic
> bandaiding of the inherent problem of insecure applications on end
> nodes.

I don't have control of all end nodes but I do control my edge.

Steve