[83467] in North American Network Operators' Group
RE: zotob - blocking tcp/445
daemon@ATHENA.MIT.EDU (Erik Amundson)
Tue Aug 16 02:57:53 2005
Date: Tue, 16 Aug 2005 01:57:27 -0500
From: "Erik Amundson" <Erik.Amundson@oati.net>
To: <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
I've always been kind of conflicted with this issue. I mean, providers
blocking traffic at all.
On the one hand, I'm a corporate customer, and if I'm being DOSed or
infected, I would want to be able to call my ISP and have it blocked.
On the other hand, I truly feel that I pay my ISPs to pass traffic, not
block it.
I guess it only bugs me when something is blocked and I didn't even ask
for it to be blocked...and then other stupid things are seeping through,
but are not blocked even when I ask!
If ISPs really wanted to make the Internet better for Corporate America,
I guess they'd unplug most of Asia...not block a port here and there
(but that isn't exactly acceptable).
Anways, like I said, I'm conflicted...I change my mind every now and
then because both arguments make logical sense.
- Erik
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
Gadi Evron
Sent: Tuesday, August 16, 2005 12:58 AM
To: Christopher L. Morrow
Cc: nanog@merit.edu
Subject: Re: zotob - blocking tcp/445
[snip arguments]
> Do not become the internet firewall for your large customer base...=20
> it's bad.
>=20
Okay, so please allow me to alter the argument a bit.
Say we agreed on:
1. Security is THEIR (customers') problems, not yours.
2. You are not the Internet's firewall.
That would mean you would still care about:
1. You being able to provide service.
2. Your own network being secure (?)
In a big outbreak, not for the WHOLE Internet, I'd use whatever I can.=20
It can easily become an issue of my network staying alive.
Blocking that one port then might be a viable solution to get a handle
on things and calm things down.
Naturally though you are right again, it is a case-by-case issue and can
not be discussed in generalities.
Gadi.
