nanog mailing list archives
Re: zotob - blocking tcp/445
From: Andy Johnson <andyjohnson () ij net>
Date: Wed, 17 Aug 2005 11:43:22 -0400
I think the point of many on this list is, they are a transit provider, not a security provider. They should not need to filter your traffic, that should be up to the end user/edge network to decide for themselves.
Additionally, content filtering is great for those type of end-user folks, as this solution wouldn't be so difficult to scale for their traffic volumes. However, trying to content filter a transit provider is probably not a great idea.
William Warren wrote:
I may be off base here. Can't an ips look at the traffic; say on 443 and figure out whether the traffic is malicious or not? If so then let it filter it. I know IPS's aren't perfect, but, i would prefer this router be taken, if available and sensible including network outage or DDOS, than a hard block. A quick block to mitigate and then an IPS rule installed AFTER through investigation of the traffic could lessen the load and maybe eliminate the malicious traffic without having to use a hard block. I know most here prefer not to..i am not saying this is a let's block is all thread, just trying to throw out something i do not see being discussed.
Current thread:
- Re: zotob - blocking tcp/445, (continued)
- Re: zotob - blocking tcp/445 routerg (Aug 18)
- Fwd: zotob - blocking tcp/445 My Name (Aug 18)
- Re: zotob - blocking tcp/445 (Aug 18)
- Re: zotob - blocking tcp/445 Florian Weimer (Aug 17)
- Re: zotob - blocking tcp/445 Scott Weeks (Aug 15)
- RE: zotob - blocking tcp/445 Church, Chuck (Aug 15)
- RE: zotob - blocking tcp/445 Christopher L. Morrow (Aug 15)
- RE: zotob - blocking tcp/445 Erik Amundson (Aug 15)
- Re: zotob - blocking tcp/445 sthaug (Aug 16)
- Re: zotob - blocking tcp/445 William Warren (Aug 17)
- Re: zotob - blocking tcp/445 Andy Johnson (Aug 17)
- Re: zotob - blocking tcp/445 Daniel Senie (Aug 17)
- Re: zotob - blocking tcp/445 Petri Helenius (Aug 17)
- Re: zotob - blocking tcp/445 Christopher L. Morrow (Aug 17)
- Re: zotob - blocking tcp/445 Valdis . Kletnieks (Aug 16)
- Re: zotob - blocking tcp/445 Christopher L. Morrow (Aug 16)
- Re: zotob - blocking tcp/445 Sean Donelan (Aug 16)