nanog mailing list archives
Re: Is it time to block all Microsoft protocols in the core?
From: "Jack Bates" <jbates () brightok net>
Date: Mon, 27 Jan 2003 04:24:21 -0600
From: "Darren Pilgrim"
Sean Donelan wrote:Should ISPs start blocking all Microsoft protocols in self-defense?I don't think it's so much of a problem of programs opening listen sockets as it is a problem of admins not properly controlling their networks and a certain software company pushing insecure features like printing over the internet that refuse to work from behind a firewall and have no direct proxy support.
This is the exact reason why any arguments to management to block NETBIOS have failed. The reasons it is rejected are always the same: a) We're not responsible for our users getting infected through their own ignorance b) Some of our users refuse to use VPN or lack the knowledge to effectively use it and want to use NETBIOS services over the Internet c) We buy Cisco 5200's in mass volume because they support our rural networks better than any other modem bank we've tried (welcome to Oklahoma :) and the processor on this wonderful piece of hardware will not support the overhead of using a per user access-list methodology to filter the majority and whitelist those who need the service. If anyone has good recommendations for a strategy of getting around these arguments, I'd love to hear it. I personally want to protect my users from their own ignorance, particularly where NETBIOS is concerned. While win32 unbinds it from dialups in some cases, I'm still finding even the newer OS's binding on the dialups. I'm not sure why this is, but I suspect that virus infection in my network is coming from methods other than email; although my email protections do have bugs (need to fix those this week). Jack Bates Network Engineer BrightNet Oklahoma
Current thread:
- Anybody doing a "Code Green" for 1434? Stewart, William C (Bill), SALES (Jan 26)
- Re: Anybody doing a "Code Green" for 1434? Valdis . Kletnieks (Jan 26)
- Re: Anybody doing a "Code Green" for 1434? Brian Wallingford (Jan 26)
- RE: Anybody doing a "Code Green" for 1434? Phil Rosenthal (Jan 26)
- Is it time to block all Microsoft protocols in the core? Sean Donelan (Jan 27)
- Re: Is it time to block all Microsoft protocols in the core? Darren Pilgrim (Jan 27)
- Re: Is it time to block all Microsoft protocols in the core? Jack Bates (Jan 27)
- Re: Is it time to block all Microsoft protocols in the core? Rubens Kuhl Jr. (Jan 27)
- Re: Is it time to block all Microsoft protocols in the core? alex (Jan 27)
- Re: Is it time to block all Microsoft protocols in the core? E.B. Dreger (Jan 27)
- Re: Is it time to block all Microsoft protocols in the core? alex (Jan 27)
- RE: Anybody doing a "Code Green" for 1434? Phil Rosenthal (Jan 26)
- Re: Is it time to block all Microsoft protocols in the core? E.B. Dreger (Jan 27)
- Re: Is it time to block all Microsoft protocols in the core? alex (Jan 27)
- Re: Is it time to block all Microsoft protocols in the core? E.B. Dreger (Jan 27)
- Re: Is it time to block all Microsoft protocols in the core? Joe Abley (Jan 28)
- Re: Is it time to block all Microsoft protocols in the core? David Charlap (Jan 28)
- Re: Is it time to block all Microsoft protocols in the core? Joe Abley (Jan 28)