nanog mailing list archives

Re: zotob - blocking tcp/445

From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Wed, 17 Aug 2005 17:34:29 +0000 (GMT)



On Wed, 17 Aug 2005, William Warren wrote:


I may be off base here.  Can't an ips look at the traffic; say on 443
and figure out whether the traffic is malicious or not?  If so then let
it filter it.  I know IPS's aren't perfect, but, i would prefer this
router be taken, if available and sensible including network outage or
DDOS, than a hard block.  A quick block to mitigate and then an IPS rule


and you have an IPS that works on oc-192 SONET links? what about the
coming oc-768?

Current thread:

Re: zotob - blocking tcp/445, (continued)
- - Re: zotob - blocking tcp/445 Florian Weimer (Aug 17)
- Re: zotob - blocking tcp/445 Scott Weeks (Aug 15)
- RE: zotob - blocking tcp/445 Church, Chuck (Aug 15)
  - RE: zotob - blocking tcp/445 Christopher L. Morrow (Aug 15)
- RE: zotob - blocking tcp/445 Erik Amundson (Aug 15)
  - Re: zotob - blocking tcp/445 sthaug (Aug 16)
  - Re: zotob - blocking tcp/445 William Warren (Aug 17)
    - Re: zotob - blocking tcp/445 Andy Johnson (Aug 17)
    - Re: zotob - blocking tcp/445 Daniel Senie (Aug 17)
    - Re: zotob - blocking tcp/445 Petri Helenius (Aug 17)
    - Re: zotob - blocking tcp/445 Christopher L. Morrow (Aug 17)
- Re: zotob - blocking tcp/445 Sane Jiri (Aug 16)
- Re: zotob - blocking tcp/445 MARLON BORBA (Aug 16)
- RE: zotob - blocking tcp/445 Church, Chuck (Aug 16)
  - Re: zotob - blocking tcp/445 Valdis . Kletnieks (Aug 16)
    - Re: zotob - blocking tcp/445 Christopher L. Morrow (Aug 16)
    - Re: zotob - blocking tcp/445 Sean Donelan (Aug 16)
- Re: zotob - blocking tcp/445 Fergie (Paul Ferguson) (Aug 17)
- Re: zotob - blocking tcp/445 Roger Marquis (Aug 18)
  - Re: zotob - blocking tcp/445 Bill Nash (Aug 18)
  - Re: zotob - blocking tcp/445 Andy Johnson (Aug 18)

(Thread continues...)