[80779] in North American Network Operators' Group
Re: Blocking port udp/tcp 1433/1434
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Wed May 11 18:43:08 2005
Date: Wed, 11 May 2005 22:28:08 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <Pine.LNX.4.58.0505111810310.4254@web1.mmaero.com>
To: Jon Lewis <jlewis@lewis.org>
Cc: nanog@nanog.org
Errors-To: owner-nanog@merit.edu
On Wed, 11 May 2005, Jon Lewis wrote:
>
> On Wed, 11 May 2005, Christopher L. Morrow wrote:
>
> > > Is there still justification for denying transit for ms-sql slammer ports?
> >
> > probably not, but that's really a local-to-your-asn decision.
>
> I dunno about that. I know it was more than a year ago, but at NANOG
> Miami, someone brought either SQL slammer or a vulnerable laptop and
> killed the network for a while. Running tcpdump on my notebook, I noticed
> fairly constant slammer probes while there. We still block it here, and
> the last time we accidentally removed that filter, a colo customer was
> promptly infected.
excellent, you made the choice for your asn... Joe should evaluate his
network's risk/behaviour/profile and see if it's still relevant for him...
much like he evaluates his requirements to recieve email from folks via
the use of the SPEWS list, which blocks my mail servers :)
