nanog mailing list archives
Re: zotob - blocking tcp/445
From: Shane Amante <shane () castlepoint net>
Date: Mon, 15 Aug 2005 20:05:30 -0600
Chris,

This isn't directed at you, just adding my 2 cents to the thread ...

On Aug 15, 2005, at 3:29 PM, Christopher L. Morrow wrote:
> On Mon, 15 Aug 2005, surfer () mauigateway com wrote:
>> NetBIOS was never meant to be a WAN protocol, so no problem in blocking it.
>
> rule #1: do not be the Internet's Firewall
> rule #2: see rule #1

That should definitely be on a T-shirt. :-)

> a leaf network can make any decisions they want on traffic filtering, large ISP's should probably not do this as there are invariably people out there that will want SNMP/ICMP/NetBIOS/SQL-NameService to work over their WAN link(S). I recall some 'fun' with this issue on:
> 1) slammer worm (ms has a developers thingy that REQUIRES 1434 to work over the internet)
> 2) welchia/nachi - how can I ping monitor my remote sites?
>
> ymmv.
Leaf network filtering (or not) is largely solved. Keep in mind, some SP's sell "Managed Security Services," which may be PE- or CE- based firewalls, but run by the SP on behalf of the customer. If the customer cares enough, then ask and/or pay the SP to block the traffic they don't want, only on their access circuit(s). Presumably, the SP will figure out a model for the service to both instantiate and maintain the filter(s) as well as recoup costs for backhauled bits that get dropped at, or near, the doorstep of the CE. (Note, the word "model" could mean an additional charge above & beyond basic access or it may be included as part of basic access -- it all depends on how much work, sophistication in filtering, etc. occurs as well as what the market can bear).
In this case, one size (a.k.a.: filtering) does not (easily) fit all ...

-shane