Re: zotob - blocking tcp/445

["Christopher L. Morrow" <christopher.morrow () mci com>]

On Mon, 15 Aug 2005, Daniel Golding wrote:

> On 8/15/05 4:46 PM, "Randy Bush" <randy () psg com> wrote:
>
> > > > > I'm not nearly confident enough to decide on behalf of almost
> > > > > billion other people how they should benefit from the Internet
> > > > > and how not to.
> > > > thanks for that!
> > > Indeed.  Also see
> > > http://www.iab.org/documents/docs/2003-10-18-edge-filters.html
> >
> > as i just replied to a private message from an enterprise op,
> >
> >   o backbone isps can not set their customers' security policy
> >     - some customers want to run billyware shares over the wan
> >       whether we advise it or not
> >     - some of us host security researchers, who have a taste
> >       for 445 and other nasty traffic
>
> While its not uncommon to run SMB/Windows file system drive mounts across
> private WANs, doing so across the Internet, on a non-encrypted tunnel, is
> the equivalent of running with scissors.

no one was arguing that... just like no one argues that riding a
motorcycle sans-helmet is stupid (or playing hockey without a helmet)

> I am unaware of any enterprise security folks foolish enough to allow that.
> Of course, I may be sheltered.

'enterprise security folks' are probably not the issue... The fact remains
that lots of folks DO do this :( There are quite a few folks between
'consumer' and 'enterprise' that do all manner of dumb things on the
Internet  (where 'dumb' is equivalent to running smb shares across the
public network minus encryption/ipsec). It's their choice to do that, and
their network providers are expected/demanded to pass those packets for
them.

-Chris