[62574] in North American Network Operators' Group
Re: Providers removing blocks on port 135?
daemon@ATHENA.MIT.EDU (Jack Bates)
Fri Sep 19 10:49:29 2003
Date: Fri, 19 Sep 2003 09:47:32 -0500
From: Jack Bates <jbates@brightok.net>
To: Adam Hall <Adam.Hall@networktelephone.net>
Cc: "'nanog@nanog.org'" <nanog@nanog.org>
In-Reply-To: <76774E200433D611A6E000D0B73C4E321FF900@pflnocti.corp.com>
Errors-To: owner-nanog-outgoing@merit.edu
Adam Hall wrote:
>
>
> Anyone know anything about prorviders removing ACLs from their routers
> to allow ports 135/445/4444 back into their network? Curious only
> because customers are calling in saying that Verizon, Cox, Bellsouth,
> and DSL.net are doing so and seem to have a big problem with the fact
> that we're hesitent follow their lead.
>
No two networks are the same, nor do they have the same issues. The new
RPC exploit worm will be interesting to watch on the above networks if
they've dropped their blocks. There's also a question of at which layer
they have done so. For example, if blocks were removed from central
sites in favor of blocks that were pushed out to the end users.
Allowing the various scans out costs other people money. If nothing
else, I'll leave 135 in place long enough to ensure that the number of
users that are infected are manageable. My transit customers are all
telling me the same thing. They are still pushing it to get people
cleaned up and patched. They want their blocks to remain (so they don't
have to pay us more).
-Jack
