[83457] in North American Network Operators' Group


Re: zotob - blocking tcp/445

daemon@ATHENA.MIT.EDU (Gadi Evron)
Tue Aug 16 00:35:47 2005

Date: Tue, 16 Aug 2005 07:35:03 +0200
From: Gadi Evron <ge@linuxbox.org>
To: Randy Bush <randy@psg.com>
Cc: "Steven M. Bellovin" <smb@cs.columbia.edu>,
	Saku Ytti <saku+nanog@ytti.fi>, nanog list <nanog@merit.edu>
In-Reply-To: <17152.65331.635732.146362@roam.psg.com>
Errors-To: owner-nanog@merit.edu


Randy Bush wrote:
>>>>I'm not nearly confident enough to decide on behalf of almost
>>>>billion other people how they should benefit from the Internet
>>>>and how not to.
>>>
>>>thanks for that!
>>
>>Indeed.  Also see
>>http://www.iab.org/documents/docs/2003-10-18-edge-filters.html
> 
> 
> as i just replied to a private message from an enterprise op,
> 
>   o backbone isps can not set their customers' security policy
>     - some customers want to run billyware shares over the wan
>       whether we advise it or not
>     - some of us host security researchers, who have a taste
>       for 445 and other nasty traffic
> 
>   o enterprise / site ops can set their users' security policies
>     as that's part of their job and charter
> 
> randy
> 

I actually agree with you Chris and Steven. Point is though, that in a 
HUGE outbreak - sometimes you might even have to cause a self-DDoS and 
kill some of your services to parts of your networks or at all, to keep 
your net alive, not to mention secure.

As immediate critical measures, blocking tcp/445 might be an acceptable 
solution. Nobody is talking about censoring the Internet.

I believe that blocking port 445 is Good, just like I believe it will 
not get done by most and for Good reasons.

Every solution has its good applications - sometimes short-term, even 
Bad long term solutions. Thing is, how do they remain temporary rather 
than becoming perm.?

	Gadi.
