nanog mailing list archives
RE: zotob - blocking tcp/445
From: "Church, Chuck" <cchurch () netcogov com>
Date: Mon, 15 Aug 2005 22:43:17 -0500
'enterprise security folks' are probably not the issue... The fact
remains
that lots of folks DO do this :( There are quite a few folks between 'consumer' and 'enterprise' that do all manner of dumb things on the Internet (where 'dumb' is equivalent to running smb shares across the public network minus encryption/ipsec). It's their choice to do that,
and
their network providers are expected/demanded to pass those packets for them.
-Chris
Surely the ratio of 'useful' traffic compared to 'junk' for a particular protocol must be considered. What percentage of netbios entering a service provider's edge is intentional? 1%? 0.1%? I'm guessing much less than that. If 5 or 6 nines worth of a particular protocol entering or leaving an ISP's network is unintentional, and highly susceptible to viral activity, isn't it in our best interest to block it? With proper notification to subscribers and instructions on setting up host-to-host PPTP/whatever, blocking netbios can solve a large bunch of issues.... Just my .02 though, Chuck
Current thread:
- Re: zotob - blocking tcp/445, (continued)
- Re: zotob - blocking tcp/445 Gadi Evron (Aug 16)
- Re: zotob - blocking tcp/445 Randy Bush (Aug 16)
- Re: zotob - blocking tcp/445 Gadi Evron (Aug 16)
- Re: zotob - blocking tcp/445 routerg (Aug 17)
- Re: zotob - blocking tcp/445 James Baldwin (Aug 18)
- Re: zotob - blocking tcp/445 routerg (Aug 18)
- Fwd: zotob - blocking tcp/445 My Name (Aug 18)
- Re: zotob - blocking tcp/445 (Aug 18)
- RE: zotob - blocking tcp/445 Christopher L. Morrow (Aug 15)
- Re: zotob - blocking tcp/445 sthaug (Aug 16)
- Re: zotob - blocking tcp/445 William Warren (Aug 17)
- Re: zotob - blocking tcp/445 Andy Johnson (Aug 17)
- Re: zotob - blocking tcp/445 Daniel Senie (Aug 17)
- Re: zotob - blocking tcp/445 Petri Helenius (Aug 17)
- Re: zotob - blocking tcp/445 Christopher L. Morrow (Aug 17)