nanog mailing list archives
Re: Port blocking last resort in fight against virus
From: Jack Bates <jbates () brightok net>
Date: Tue, 12 Aug 2003 11:31:22 -0500
Mans Nilsson wrote:
Secure? Who's talking about secure? I'm talking about trash. Not blocking the port with a large group of infected users means that your network sends trash to other people's networks. Those networks may or may not have capacity to mean your network's trash. Your chosen path is a down-turning spiral of kludgey dependencies, where a host is secure only on some nets, and some nets can't cope with the load of all administrative filters (some routers tend to take port-specific filters into slow-path). That way lies madness.
Temporarily blocking 135 is not about security. A single infection within a local net will infect all vulnerable systems within that local net. A block upstream will not save local networks from cross infecting. However, it does stop your network from sending the trash out to other networks which may have smaller capacities than your network does.
Of course, perhaps a good neighbor doesn't really care about other people's networks? Perhaps there is no such thing as a good neighbor. It's kill or be killed, and if those other networks can't take my user's scanning them, then tough!
There is legitimate traffic on 135. All users I've talked to have been understanding in a short term block of that port. They used alternative methods. I have a lot of valid traffic still cranking out the other Microsoft ports.
-Jack