nanog mailing list archives
Re: Port blocking last resort in fight against virus
From: Robert Raszuk <raszuk () cisco com>
Date: Wed, 13 Aug 2003 09:04:07 +0200
Sean, All,

Watching this thread I can't resist a question if ISPs would see any use for automated propagation of information to be filtered/blocked to all of their (and possibly) neighbours' border routers?

I am sure you have noticed my & Pedro's recent draft:

draft-marques-idr-flow-spec-00.txt

Just checking for possible feedback of interested ISPs if any on this one ...

The example listed in the draft is targeted to address DDoS, but the concept is equally applicable to virus fights as well.

Thx,
R.
Sean Donelan wrote:

> On Tue, 12 Aug 2003, Randy Bush wrote:
>
> > > Is it just me that feels that blocking a port which is known to be used to perform billions of scans is only proper?
> >
> > the second, and important part of the, question is whether there are legitimate packets to that port which want to cross your border. for 135, i am not aware of any that should cross my site's border un-tunneled.
>
> Who should determine what protocols can cross your site's border router? You or your ISP (ignoring the fact a lot of people on this list are their own ISP)?
>
> 80% or more of customers wouldn't notice if you blocked everything on their connection except HTTP/HTTPS and DNS. So why do ISPs let all the other infection laden protocols reach their customers?
>
> Fix spam - block port 25
> Fix Slammer - block port 1434
> Fix Blaster - block port 135
> Fix KaZaA - block everything
>
> I think filters/firewalls are useful. I believe every computer should have one. I have several. I just disagree on who should control the filters.