Firewall Wizards mailing list archives
Re: The home user problem returns
From: Mason Schmitt <mason () schmitt ca>
Date: Tue, 13 Sep 2005 15:34:23 -0700
>> When enough people choose to smoke, they are placing an unnecessary burden on the public medical system, thereby degrading it for everyone else.
>
> Are they? Will they really? After all, considering the above, they are not likely to live as long and thus not going to be within the system as long term as the non-smokers.
>
> Are you certain of this, or is it just another version of overhype in this current time and space? After all, think about it a moment: if I draw smoke directly into my lungs and exhale, and then you breathe in a small fraction of what residual smoke is left, is it really more of a health issue for you in a secondary fashion than it was for me in the first intake?

I should have known better than to bring as touchy an example as this in as an analogy... You know what, I don't honestly know. I have seen reference to so many studies, so much backlash against tobacco companies (I also really liked the movie "The Insider"...), that I have a hard time thinking it's not true, but I really didn't come here to debate smoking. I'm sorry I inadvertently pulled attention away from the topic at hand.

...snipped out my original description of my bot problem

> That sure seems like a long way about trying to limit the exposures that got and get you into the fixes you find in your ISP technical position, so, let me ask here again: would it not be simpler, and likely go pretty much unnoticed by the vast majority of your users, to just not allow ports 135-139, 455, and 500 and the rest of the Windows specifics from leaving your perimeters, and even actually eliminate it on your broadcasts within?

In a word... no. We have had all those filters in place for a long time. They don't do dick when faced with a bot that comes in via a p2p download or IM download that then sets up shop and decides to go after your relay rather than trying to do direct-to-MX zombie spamming. The bot problem is an insidious one and they are getting smarter.

> Seems that would be far less work and likely, with the ingress and egress filtering, eliminate 90% of the issues that hit you and your user base, would it not?

It's not even remotely close to 90%, unfortunately.

> and certainly without the support overhead of the vast majority of the plans and solutions you are trying to implement, yes?

I'm going the extra distance (and I imagine all ISPs are going to be in a similar boat) because I'm forced to and because I know that if I don't start the hardening process now, I'm going to get burnt badly and have to scramble for a solution later.

> My question to the rest of the list remains: how much would an ISP suffer if they invoked such policies?

Not at all. It's a great start to improving the situation - something that all ISPs should be undertaking asap. It would sure help cut down on the amount of worm traffic on the net. Take a look at dshield sometime for an idea of how much those simple rules would help.

> and invoked such policies, hitting those that request to be allowed to avoid those limitations with a service expansion and an extra hit from the pocketbook?

That's unlikely to happen. Why would someone pay extra for such a thing?

> Rather than give it all away under the basic pricing infrastructure, you make those that wish for the "addon risks" pay for it.

Again, all the things I'm talking about have little to no negative impact on customers. In fact, here's the current list from our router (my boss cleared this). There's no harm in disclosing this, because anyone that wants to go after our customers can use any of the other thousands of ports that are open - these are just to block the common automated crap.

# Microsoft stuff
tcp 42          # WINS
udp 42
tcp 135         # epmap (blaster worm)
udp 135
tcp 137:139     # SMB
udp 137:139
tcp 445         # win2k SMB
udp 445         # not really necessary, but...
tcp 1433:1434   # ms-sql
udp 1433:1434
udp 1900        # UPnP service announcement traffic

# Worms/Trojans
tcp 1022:1023   # New Sasser Variant
tcp 2745        # Bagel/beagle backdoor
udp 2745
tcp 3127        # Mydoom
tcp 3129:3199   # Mydoom
udp 3127:3199
tcp 5554        # Sasser ftp
tcp 6129        # Dameware
tcp 9996        # Sasser backdoor
tcp 9898        # Dabber backdoor
tcp 27374       # some trojans

-- 
Mason

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
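Added example, not part of Mason's post or his router config: the block list above, kept in the plain "proto port[:port] # comment" form it was posted in, parsed and rendered as iptables rules, with a small checker that answers whether a given protocol/port would be dropped. The rule text is copied from the post; the FORWARD chain, the DROP target and the use of the iptables comment match are assumptions about how an ISP edge would apply it.

```python
"""Parse an ISP-edge port block list and render it as iptables rules.

Added example for the thread above. The BLOCK_LIST text is the list Mason
posted; the chain name (FORWARD), the target (DROP) and applying it on the
forwarding path in both directions are assumptions, not his configuration.
"""

import re
from dataclasses import dataclass

# Block list as posted: one "proto port[:port]  # comment" entry per line.
BLOCK_LIST = """\
# Microsoft stuff
tcp 42          # WINS
udp 42
tcp 135         # epmap (blaster worm)
udp 135
tcp 137:139     # SMB
udp 137:139
tcp 445         # win2k SMB
udp 445         # not really necessary, but...
tcp 1433:1434   # ms-sql
udp 1433:1434
udp 1900        # UPnP service announcement traffic
# Worms/Trojans
tcp 1022:1023   # New Sasser Variant
tcp 2745        # Bagel/beagle backdoor
udp 2745
tcp 3127        # Mydoom
tcp 3129:3199   # Mydoom
udp 3127:3199
tcp 5554        # Sasser ftp
tcp 6129        # Dameware
tcp 9996        # Sasser backdoor
tcp 9898        # Dabber backdoor
tcp 27374       # some trojans
"""


@dataclass(frozen=True)
class Rule:
    proto: str      # "tcp" or "udp"
    lo: int         # first destination port of the range
    hi: int         # last destination port (== lo for a single port)
    comment: str    # free text after '#', may be empty


_LINE = re.compile(r"^(tcp|udp)\s+(\d+)(?::(\d+))?\s*(?:#\s*(.*))?$")


def parse_rules(text: str) -> list[Rule]:
    """Turn the posted list into Rule objects; comment-only lines are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {raw!r}")
        proto, lo, hi, comment = m.groups()
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range in: {raw!r}")
        rules.append(Rule(proto, lo, hi, (comment or "").strip()))
    return rules


def is_blocked(rules: list[Rule], proto: str, port: int) -> bool:
    """True if a packet to proto/port matches any entry (ranges inclusive)."""
    return any(r.proto == proto and r.lo <= port <= r.hi for r in rules)


def to_iptables(rules: list[Rule], chain: str = "FORWARD",
                target: str = "DROP") -> list[str]:
    """Render one iptables command per entry; ranges use the lo:hi --dport form."""
    cmds = []
    for r in rules:
        dport = str(r.lo) if r.lo == r.hi else f"{r.lo}:{r.hi}"
        cmd = f"iptables -A {chain} -p {r.proto} --dport {dport}"
        if r.comment:
            cmd += f' -m comment --comment "{r.comment}"'
        cmds.append(cmd + f" -j {target}")
    return cmds


if __name__ == "__main__":
    print("\n".join(to_iptables(parse_rules(BLOCK_LIST))))
```

Running it prints the 22 rules ready to paste into a script. The checker makes Mason's caveat concrete: tcp/80 or any other port a p2p or IM client uses is not in the list, so a bot that arrives that way and then abuses the ISP's relay sails straight past these filters, while the worm ports (including the gaps, e.g. tcp/3128 is open but udp/3128 is covered by the 3127:3199 range) are dropped.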