nanog mailing list archives
Re: zotob - blocking tcp/445
From: Peter Dambier <peter () peter-dambier de>
Date: Thu, 18 Aug 2005 20:02:45 +0200
Roger Marquis wrote:
Andy Johnson wrote:I think the point of many on this list is, they are a transit provider, not a security provider. They should not need to filter your traffic, that should be up to the end user/edge network to decide for themselves.How is this different from a transit provider allowing their network to be used for spam? Seems the same hands-off argument was made wrt spam a decade ago but has since proved unsustainable. Our particular problem is with an ISP in Wisconsin, NETNET-WAN. We get tens of thousands of scans to netbios ports every day from their /19. This is several orders of magnitude more netbios than we seefrom the rest of the net combined. It's eating nontrivial bandwidthand cpu that we pay real money for. They've had our logs for months but seem incapable of doing anything about their infected customers. The suits recommend documenting time and bandwidth costs and sending a bill with a cease and desist request. My question is not what can we do about bots, we already filter these worst case networks, but what can we do to make it worthwhile for bot-providers like NETNET to police their own networks without involving lawyers?
Route them through a modem using 4800 Baud. They will very soon look what is eating their bandwidth and hopefully find those netbios packets. Blocking port 445 will prevent me from using "ssh -p 455" to reach my clients. Using 4800 baud will slow me down but it will not stop me working. Does anyone really use port 22 for ssh? I cannot use it because of all those wordbook attacks. Nobody cares to stop those. Regards, Peter and Karin Dambier -- Peter and Karin Dambier Public-Root Graeffstrasse 14 D-64646 Heppenheim +49-6252-671788 (Telekom) +49-179-108-3978 (O2 Genion) +49-6252-750308 (VoIP: sipgate.de) +1-360-448-1275 (VoIP: freeworldialup.com) mail: peter () peter-dambier de http://iason.site.voila.fr http://www.kokoom.com/iason
Current thread:
- Re: zotob - blocking tcp/445, (continued)
- Re: zotob - blocking tcp/445 Sane Jiri (Aug 16)
- Re: zotob - blocking tcp/445 MARLON BORBA (Aug 16)
- RE: zotob - blocking tcp/445 Church, Chuck (Aug 16)
- Re: zotob - blocking tcp/445 Valdis . Kletnieks (Aug 16)
- Re: zotob - blocking tcp/445 Christopher L. Morrow (Aug 16)
- Re: zotob - blocking tcp/445 Sean Donelan (Aug 16)
- Re: zotob - blocking tcp/445 Valdis . Kletnieks (Aug 16)
- Re: zotob - blocking tcp/445 Fergie (Paul Ferguson) (Aug 17)
- Re: zotob - blocking tcp/445 Roger Marquis (Aug 18)
- Re: zotob - blocking tcp/445 Bill Nash (Aug 18)
- Re: zotob - blocking tcp/445 Andy Johnson (Aug 18)
- Re: zotob - blocking tcp/445 Peter Dambier (Aug 18)
- Re: zotob - blocking tcp/445 My Name (Aug 18)