nanog mailing list archives

Re: Port blocking last resort in fight against virus


From: "Christopher L. Morrow" <chris () UU NET>
Date: Tue, 12 Aug 2003 21:59:59 +0000 (GMT)



On Tue, 12 Aug 2003, Jack Bates wrote:

> Christopher L. Morrow wrote:
>
> > If people want to use the network they need to take the responsibility and
> > patch their systems. Blocking should really only be considered in very
> > extreme circumstances when your network is being affected by the problem,
> > or if the overall threat is such that a short term network-wide block
> > would help get over the hump.
>
> Correct, and that's what I consider this; a short term network-wide
> block that would help get over the hump. While my network is stable,
> that doesn't mean everyone being scanned is stable. There are
> undoubtedly DOS conditions caused by this worm.

Each local network should make this decision on their own, the backbone
should really only get involved if there is a real crisis. The local
network has the ability to determine if the ports/protocols are being used
legitimately, not the backbone. Just 'cause you'd have to be insane to use
MS shares over the open internet doesn't mean there aren't people doing it
:( (or selling Exchange mailboxes over it too apparently?).

So, if in YOUR network you want to do this blocking, go right ahead, but I
wouldn't expect anyone else to follow suit unless they already determined
there was a good reason for themselves to follow suit. As an aside, a day
or so of 5 minutely reboots teaches even the slowest user to find a
firewall product and upgrade/update their systems, eh?