nanog mailing list archives
RE: ISPs' willingness to take action
From: "Bob German" <bobgerman () irides com>
Date: Mon, 27 Oct 2003 04:54:30 -0500
It's true. I don't know if it's prevalent, but you'd be amazed at how many small shops are putting exchange on the public internet using the spooky windows ports to attach to it. IMHO the best solution to most of these problems is education. We implemented an IDS system. The ROI comes from the inbound attacks being detected/prevented/shunned. But it's also listening to the outbound stuff, so when we see that a customer has the flavor of the week, we cut him off, give him a call and some friendly advice, and everyone's happy. When we see IRC joins and port scans from a customer server, we give him a call, advise him that he's been rooted, and offer to assist in his recovery (can you say business opportunity, folks?). Blocking ports is fine as long as you let people know what you're blocking and why, offer alternative solutions and offer to unblock if it's an absolute requirement. Often, once properly educated about the risks, a lesser experienced admin will be excited about the opportunity to do it the more secure way, and will begin preparations, so I've found the "unblock" is usually temporary. I believe the answer is for all providers to do this -- monitor outbound traffic with IDS, consider it a business opportunity to offer managed services to your customers. Resell virus software, firewall units, and most importantly, education. Your customers will appreciate it, believe me. -Bob
-----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
Stewart, William C (Bill), RTSLS
Sent: Monday, October 27, 2003 1:27 AM To: nanog () merit edu Subject: Re: ISPs' willingness to take action Brian Bruns asserts that there are lots of home users connecting to
their office Exchange servers without VPNs, and that therefore blocking the Microsoft
ports was bad. While I agree with his point that you shouldn't do it
without documenting what you are or are not blocking, I'm really surprised to hear
the assertion that people are leaving unfirewalled Exchange servers out
on the net.
Is this actually common? /shudders...
Current thread:
- Re: ISPs' willingness to take action, (continued)
- Re: ISPs' willingness to take action Sean Donelan (Oct 27)
- ISPs' willingness to take action [OT USPS] David Lesher (Oct 27)
- Re: ISPs' willingness to take action [OT USPS] Henry Linneweh (Oct 27)
- RE: ISPs' willingness to take action Charles Sprickman (Oct 26)
- Re: ISPs' willingness to take action matt (Oct 27)
- Re: ISPs' willingness to take action Niels Bakker (Oct 27)
- RE: ISPs' willingness to take action Bob German (Oct 27)
- RE: ISPs' willingness to take action Eric Kuhnke (Oct 27)
- Re: ISPs' willingness to take action Alan Spicer (Oct 27)
- Re: ISPs' willingness to take action kenw (Oct 27)
- Re: ISPs' willingness to take action E.B. Dreger (Oct 27)
- Re: ISPs' willingness to take action Christopher L. Morrow (Oct 27)
- Re: ISPs' willingness to take action kenw (Oct 27)
- Re: ISPs' willingness to take action Richard Irving (Oct 27)