Full Disclosure mailing list archives
Re: ISP's save the Inet from Blaster?
From: Shawn Wallis <swallis () ittc ukans edu>
Date: Thu, 14 Aug 2003 08:54:17 -0500 (CDT)
I have worked for several ISPs, and most/nearly all of them are clueful as to the harm their networks pose. You have to remember, they are selling a service to customers, and many customers don't want to use a service where they can't do x, y, and z. The problem is, customers must give up something for this security. If all the DSL/cable providers drop offering those ports, they will do just what I did, and switch to someone who hasn't blocked them yet... or upgrade and pay more for a business-class type. Most providers I know are in it to make money, so there is a huge benefit to offering as much as possible without hindering their network.

If you'll notice, the carriers normally don't even dream of blocking ports. The several I worked for had policies that prevented filtering of ports due to the load on the routers and the interruption of service to the customer. Carriers have SLAs with most of their customers to provide service. Even when dealing with worms, there had to be explicit service interruption to multiple customers before they would block or interfere. The impact is huge for them, but what if they just decided to block 135? Think of the effect that could have on business, etc. (Not that anyone should be using these across any WANs... but I'm sure they do...)

The ISP networks are just a staging point, but I truly wonder how much business and how many users will switch or drop their service as they blame a local ISP for interrupting their service, or for not protecting them? I doubt we will ever know, but it would be very interesting how many people don't understand the situation and quit their current provider due to this. (Just like when customers get frustrated when a carrier has repeated outages and switch services... However, a lot of COs are in the same building next to each other, and suffer the same issues.)

I think the problem is much greater. I am not really worried about the DSL-type providers. Most of them seem to be on the ball, but what I'm worried about are people outside of the US. The reason is, there is no regulation of what comes in (or goes out) on border routers. I wouldn't mind seeing some comparisons as to who the top contributors were (by some of the carriers). I am pretty sure the numbers will be greater outside the US. I think if the carriers had pitched in and blocked 135/tcp from non-US, this might have helped the issue.

I think the carriers need to take a little more responsibility (and change their policies). Their role is just to provide customers with a big fat pipe, and they usually don't do any filtering (due to load on routers, interfering with other customers, etc.). DSL/cable providers actually have to deal with the end users, sadly enough. Maybe carriers are coming up with some rules for how, in the event of a worm (etc.), they will proceed to block ports to limit exposure.

One of the problems, again, is there is no profit in doing Internet worm/DoS/DDoS prevention. The only profit comes from VPN'd type setups where users will affect themselves, or other networks they are affiliated with. There are companies out there that do this sort of thing, like Arbor Networks, but... the problem is, even if I protect my home LAN, there is a chance that my provider will be affected, and their carrier will be affected, and the carrier/provider where I am trying to get to. So, what's the point? And even if one hop between me and my destination is affected, it hoses everything up for me! :)

- Shawn

On Wed, 13 Aug 2003, Kyp Durron wrote:
> Hello all,
>
> Here is something to contemplate. Right now portions or possibly all of Cox, Charter, Comcast and SBC DSL networks are not allowing inbound or outbound port 135, 139 and 445 traffic. Take into consideration the vast number of uneducated users running XP or 2000 with no protection on those networks. So, is it possible that these ISPs are finally clueing into the dangers that their networks pose to the Internet at large, and are partly to thank for Blaster not being a Slammer times 1000?
>
> On a funny side note, a few of these ISPs are denying the fact that they are blocking those ports, but there is NO way you can scan over 200 client machines and see tons of 5000 (UPnP) ports open and not one 135, 139 or 445.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- ISP's save the Inet from Blaster? Kyp Durron (Aug 14)
- Re: ISP's save the Inet from Blaster? Lan Guy (Aug 14)
- Re: ISP's save the Inet from Blaster? Shawn Wallis (Aug 14)