Information Security News mailing list archives

ISPs Could Block Ports to Reduce Spread of Malware


From: InfoSec News <isn () c4i org>
Date: Thu, 11 Sep 2003 01:03:28 -0500 (CDT)

Forwarded from: Mark Bernard <mbernard () nbnet nb ca>

Dear Associates,

I do not agree with this recommendation for two reasons, see below:

First off, what about all the legitimate uses for these ports? This
strategy would in fact reduce and/or eliminate the functionality of
thousands of computers around the world. Functionality that has
already been sold and paid for.

Secondly, this strategy in fact removes accountability from where it
belongs, the computer user. It is reminiscent of the early dark-days
of the Internet when the law makers didn't know how to assess damages
caused through Internet connections so they made ISPs accountable.
That was a desperate maneuver that failed!

I think the people at SANS who came up with this recommendation had
better check 'the-old-wet-ware' because I think that it's been
infected by a Federal strength virus....

I believe that a more acceptable approach would be to establish
national information security standards the manufacturers must adhere
to when selling hardware. This approach would keep the accountability
with the client unless of course the manufacturer didn't follow the
standards then they would be held accountable to some extent.


Regards,
Mark. 

 

----------
 --ISPs Could Block Ports to Reduce Spread of Malware (8 September 2003)

A report written by Johannes Ullrich, SANS Internet Storm Center CTO,
proposes that Internet service providers (ISPs) block access to
"commonly exploited" communications ports on customers' computers.
While it would not prevent all Internet threats, it could address a
bulk of the problems.  The four ports, 135, 137, 139 and 445, are not
necessary for most Internet use.  The proposal is aimed at ISPs that
serve individual customers and universities, not those that serve
corporate customers.

http://www.nwfusion.com/edge/news/2003/0908studyisps.html
http://www.sans.org/rr/special/isp_blocking.pdf

[Editor's Note (Ranum): It's good that we are finally reinventing
"default deny"! Historically, though, this has been countered by
unsupported claims of reduced performance due to router filtering
rules]


---------

Regards,
Mark.


Mark E. S. Bernard, CISM,
Apollo Computer Consultants Inc.

email: Mark.Bernard.CISM () apollo-cc com
Web site: www.apollo-cc.com

Phone: (506) 375-6368

Information Security Notice: 
This e-mail is classified as private and is intended for use by the
sender and recipient "only". Unauthorized access to this e-mail will
be dealt with in accordance with the Canadian charter of rights and
freedoms section 7 and 8. Link; http://laws.justice.gc.ca/en/charter/



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

