[83446] in North American Network Operators' Group
Re: zotob - blocking tcp/445
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Mon Aug 15 17:29:58 2005
Date: Mon, 15 Aug 2005 21:29:25 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <4300e431.1b8.3e32.1309548120@mauigateway.com>
To: "surfer@mauigateway.com" <surfer@mauigateway.com>
Cc: Gadi Evron <ge@linuxbox.org>, nanog list <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
On Mon, 15 Aug 2005, surfer@mauigateway.com wrote:
>
>
> NetBIOS was never meant to be a WAN protocol, so no problem
> in blocking it.
rule #1: do not be the Internet's Firewall
rule #2: see rule #1
a leaf network can make any decisions they want on traffic filtering,
large ISP's should probably not do this as there are invariably people out
there that will want SNMP/ICMP/NetBIOS/SQL-NameService to work over their
WAN link(S). I recall some 'fun' with this issue on:
1) slammer worm (ms has a developers thingy that REQUIRES 1434 to work
over the internet)
2) welchia/nachi - how can I ping monitor my remote sites?
ymmv.
>
> For example: grc.com/su-techzone1.htm
>
> scott
>
> ----- Original Message Follows -----
> From: Gadi Evron <ge@linuxbox.org>
> To: nanog list <nanog@merit.edu>
> Subject: zotob - blocking tcp/445
> Date: Mon, 15 Aug 2005 21:51:43 +0200
> > I heard from several different big ISP's that to stop the
> > spread of the worm they now block tcp/445. I suppose it
> > works.
> >
> > Gadi.
>
