Re: zotob - blocking tcp/445

[Daniel Golding <dgolding () burtongroup com>]

On 8/15/05 4:46 PM, "Randy Bush" <randy () psg com> wrote:

> > > > I'm not nearly confident enough to decide on behalf of almost
> > > > billion other people how they should benefit from the Internet
> > > > and how not to.
> > > thanks for that!
> > Indeed.  Also see
> > http://www.iab.org/documents/docs/2003-10-18-edge-filters.html
>
> as i just replied to a private message from an enterprise op,
>
>   o backbone isps can not set their customers' security policy
>     - some customers want to run billyware shares over the wan
>       whether we advise it or not
>     - some of us host security researchers, who have a taste
>       for 445 and other nasty traffic

While its not uncommon to run SMB/Windows file system drive mounts across
private WANs, doing so across the Internet, on a non-encrypted tunnel, is
the equivalent of running with scissors.

I am unaware of any enterprise security folks foolish enough to allow that.
Of course, I may be sheltered.

(as an aside - running windows file system mounts across enterprise WANs is
so common that there are WAN optimization devices that improve remote disk
mount performance via protocol spoofing)

- Dan



>   o enterprise / site ops can set their users' security policies
>     as that's part of their job and charter
>
> randy