Full Disclosure mailing list archives
Re: SQL Slammer - lessons learned
From: "yossarian" <yossarian () planet nl>
Date: Sun, 9 Feb 2003 23:24:46 +0100
PS wrote:
> All this is well and good, but I have a really hard time understanding why we need to route insecure networking protocols such as NetBIOS, CIFS, NFS or NIS across the Internet. Just closing those ports would do a world of good for the Internet as a whole, and who in the world would it hurt?
Well, it wouldn't hurt many, that is true. But who is to decide which ports can be closed? I'd block this kind of traffic within the network, in policy and on the internal firewalling, and the external connection(s). A long time ago the net was invented to connect; with it came these extremely insecure protocols. But I could argue the same for many other protocols. So could my ISP.
> If you really seriously need to mount drives from a remote network, you can do it through a secure tunnel (SSH, VPN), which would not be blocked by blocking those ports. If the Internet is going to survive in any viable fashion, we have to come to our senses when it comes to allowable services. The uncontrolled access to networking services on home computers and poorly secured commercial networks is the root cause behind a lot of the problems that exist on the Internet today - worms, viruses, trojans, etc. Ports 139 and 445, *at a minimum*, should be closed (to the outside) on every network in the world. Are you really willing to demand your "freedom" in the face of the overwhelming odds that leaving those ports open will do more harm than good?
Yes, I am. Leaving these ports open does not harm me, if it harms anyone - not my problem. The ports you are referring to are not vital to the internet, it can just cause extra traffic. With the e-bubble, we got loads and loads of bandwidth, not used normally. My freedom to use non-standard systems, and in the foreseeable future, non-TCPA systems, is essential to me, and to many others. All this talk of regulating the internet is very scary, since it hurts the choice in technology we have now. Putting the burden on ISPs for all the woes we see is counterproductive. What will we do once we've put them all out of business, policing the net without financial compensation?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html