RE: Providers removing blocks on port 135?

[Owen DeLong <owen () delong com>]

OK... Obviously, you need to do what you need to do to keep things
running.  However, that should be a temporary crisis response.  If your
equipment is getting DOS'd for more than a few months, we need to find
a way to fix a bigger problem.  Permanently breaking some service 
(regardless
of what we think of it.  Personally, I'll be glad to see M$ go down in 
flames)
is _NOT_ the correct answer.

Owen


--On Friday, September 19, 2003 10:14 AM -0700 Matthew Kaufman 
<matthew () eeph com> wrote:

> I agree entirely with this. You shouldn't call yourself an ISP unless you
> can transport the whole Internet, including those "bad Microsoft ports",
> between the world and your customers.
>
> On the other hand, what's a provider to do when their access hardware
> can't deal with a pathological set of flows or arp entries? There isn't a
> good business case to forklift out your DSLAMs and every customer's
> matching CPE when a couple of ACLs will fix the problem. For that matter,
> there isn't a very good business case for transporting Nachi's ICMP
> floods across an international backbone network when you can do a bit of
> rate-limiting and cut your pipe requirements by 10-20%.
>
> Matthew Kaufman
> matthew () eeph com
>
> > -----Original Message-----
> > From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On
> > Behalf Of Owen DeLong
> > Sent: Friday, September 19, 2003 10:03 AM
> > To: Jack Bates; Adam Hall
> > Cc: 'nanog () nanog org'
> > Subject: Re: Providers removing blocks on port 135?
> >
> >
> >
> > FWIW, my opinion is that blocking this at the customer edge
> > per customer request is fine.  Any other blocking by an ISP
> > is damage and should be routed around like any other internet damage.
> >
> > Owen