nanog mailing list archives
Re: zotob - blocking tcp/445
From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Mon, 15 Aug 2005 21:29:25 +0000 (GMT)
On Mon, 15 Aug 2005, surfer () mauigateway com wrote:
NetBIOS was never meant to be a WAN protocol, so no problem in blocking it.
rule #1: do not be the Internet's Firewall rule #2: see rule #1 a leaf network can make any decisions they want on traffic filtering, large ISP's should probably not do this as there are invariably people out there that will want SNMP/ICMP/NetBIOS/SQL-NameService to work over their WAN link(S). I recall some 'fun' with this issue on: 1) slammer worm (ms has a developers thingy that REQUIRES 1434 to work over the internet) 2) welchia/nachi - how can I ping monitor my remote sites? ymmv.
For example: grc.com/su-techzone1.htm scott ----- Original Message Follows ----- From: Gadi Evron <ge () linuxbox org> To: nanog list <nanog () merit edu> Subject: zotob - blocking tcp/445 Date: Mon, 15 Aug 2005 21:51:43 +0200I heard from several different big ISP's that to stop the spread of the worm they now block tcp/445. I suppose it works. Gadi.
Current thread:
- Re: zotob - blocking tcp/445, (continued)
- Re: zotob - blocking tcp/445 Steven M. Bellovin (Aug 15)
- Re: zotob - blocking tcp/445 Randy Bush (Aug 15)
- Re: zotob - blocking tcp/445 Daniel Golding (Aug 15)
- Re: zotob - blocking tcp/445 Christopher L. Morrow (Aug 15)
- Re: zotob - blocking tcp/445 Randy Bush (Aug 15)
- Re: zotob - blocking tcp/445 Gadi Evron (Aug 15)
- Re: zotob - blocking tcp/445 Christopher L. Morrow (Aug 15)
- Re: zotob - blocking tcp/445 Gadi Evron (Aug 15)
- Re: zotob - blocking tcp/445 Daniel Senie (Aug 16)
- Re: zotob - blocking tcp/445 Christopher L. Morrow (Aug 16)
- Re: zotob - blocking tcp/445 Shane Amante (Aug 15)
- Re: zotob - blocking tcp/445 Valdis . Kletnieks (Aug 15)
- Re: zotob - blocking tcp/445 Christopher L. Morrow (Aug 15)
- Re: zotob - blocking tcp/445 Randy Bush (Aug 16)