[60480] in North American Network Operators' Group

Re: Port blocking last resort in fight against virus

daemon@ATHENA.MIT.EDU (Petri Helenius)
Wed Aug 13 05:34:17 2003

From: "Petri Helenius" <pete@he.iki.fi>
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: "Mans Nilsson" <mansaxel@sunet.se>, <nanog@merit.edu>
Date: Wed, 13 Aug 2003 12:33:47 +0300
Errors-To: owner-nanog-outgoing@merit.edu


>  
> In your world DoS traffic would be free to roam the networks as it pleased 
> without being throttled sensibly at ingress?
> 
Throttling is different from blocking. Sensible traffic management does not
break applications nor network transparency. You are free to choose when to
forward each packet. 

> Or the dumb [wannabe] IT guy runs some telnet/ftp/filesharing service without
> passwords and it's ok for the whole world to access the private system coz it's
> his fault?
> 
This means your application security infrastructure already failed if some filesharing
application is running on a machine which also has access to data in the internal
disk shares.

Pete

