nanog mailing list archives
Re: zotob - blocking tcp/445
From: Daniel Golding <dgolding () burtongroup com>
Date: Mon, 15 Aug 2005 22:15:22 -0400
On 8/15/05 4:46 PM, "Randy Bush" <randy () psg com> wrote:
I'm not nearly confident enough to decide on behalf of almost billion other people how they should benefit from the Internet and how not to.thanks for that!Indeed. Also see http://www.iab.org/documents/docs/2003-10-18-edge-filters.htmlas i just replied to a private message from an enterprise op, o backbone isps can not set their customers' security policy - some customers want to run billyware shares over the wan whether we advise it or not - some of us host security researchers, who have a taste for 445 and other nasty traffic
While its not uncommon to run SMB/Windows file system drive mounts across private WANs, doing so across the Internet, on a non-encrypted tunnel, is the equivalent of running with scissors. I am unaware of any enterprise security folks foolish enough to allow that. Of course, I may be sheltered. (as an aside - running windows file system mounts across enterprise WANs is so common that there are WAN optimization devices that improve remote disk mount performance via protocol spoofing) - Dan
o enterprise / site ops can set their users' security policies as that's part of their job and charter randy
Current thread:
- zotob - blocking tcp/445 Gadi Evron (Aug 15)
- <Possible follow-ups>
- Re: zotob - blocking tcp/445 surfer () mauigateway com (Aug 15)
- Re: zotob - blocking tcp/445 Saku Ytti (Aug 15)
- Re: zotob - blocking tcp/445 Randy Bush (Aug 15)
- Re: zotob - blocking tcp/445 Saku Ytti (Aug 15)
- Re: zotob - blocking tcp/445 Steven M. Bellovin (Aug 15)
- Re: zotob - blocking tcp/445 Randy Bush (Aug 15)
- Re: zotob - blocking tcp/445 Daniel Golding (Aug 15)
- Re: zotob - blocking tcp/445 Christopher L. Morrow (Aug 15)
- Re: zotob - blocking tcp/445 Randy Bush (Aug 15)
- Re: zotob - blocking tcp/445 Gadi Evron (Aug 15)
- Re: zotob - blocking tcp/445 Christopher L. Morrow (Aug 15)
- Re: zotob - blocking tcp/445 Gadi Evron (Aug 15)
- Re: zotob - blocking tcp/445 Daniel Senie (Aug 16)
- Re: zotob - blocking tcp/445 Christopher L. Morrow (Aug 16)
- Re: zotob - blocking tcp/445 Saku Ytti (Aug 15)
- Re: zotob - blocking tcp/445 Shane Amante (Aug 15)
- Re: zotob - blocking tcp/445 Valdis . Kletnieks (Aug 15)