nanog mailing list archives
Re: zotob - blocking tcp/445
From: James Baldwin <jbaldwin () antinode net>
Date: Thu, 18 Aug 2005 09:45:32 -0400
On Aug 17, 2005, at 11:03 PM, routerg wrote:
What if you are a transit provider that serves ebay, yahoo, and/or google and the worm is propogating over TCP port 80?
No one is suggesting that anyone suspend reason when making a decision to temporarily, or permanently for that matter, block packets with a specific port setting. It is a unreasonable stretch to imagine a transit provider, serving Ebay, Yahoo, and/or Google, who will have a staff unreasonable enough to block TCP/80 to halt a virus from spreading.
Where will the filtering end?
The "slippery slope" defense has never stood in logical arguments, I don't understand why it should stand anywhere else. Once again, no on is asking anyone to suspend reason when making decisions. No on is making the statement "You must block ports used by virii of any magnitude, permanently without thought or investigation.". It was suggested that for outbreaks of significant size and severity, networks should issue temporary blocks on ports with little legitimate use. Expanding that suggestion to encompass more is being disingenuous to the original intent of the suggester
Is your NSP/ISP responsible for filtering virii, spam, phishing?
ISPs are held accountable by their customers, whether rightfully or wrongfully, for virii, spam, and phishing. Customers expect their ISP to investigate, filter, and otherwise secure their connection.
We are held accountable for the traffic we source. I feel comfortable exercising some caution with traffic which is destined to me, especially if it is going to create an issue where other networks will hold me accountable for the fallout.
As someone eluded to earlier in the thread, customers expect to receive the traffic they want, and they expect their provider to prevent that which they did not request. Problems, support calls, and differences of opinion happen on the edge where those desires are not codified.
Current thread:
- Re: zotob - blocking tcp/445, (continued)
- Re: zotob - blocking tcp/445 Randy Bush (Aug 16)
- blocking: What, How, Where Peter Dambier (Aug 16)
- Re: zotob - blocking tcp/445 Joe Maimon (Aug 16)
- Re: zotob - blocking tcp/445 Petri Helenius (Aug 16)
- Re: zotob - blocking tcp/445 Christopher L. Morrow (Aug 16)
- Re: zotob - blocking tcp/445 Sean Donelan (Aug 16)
- Re: zotob - blocking tcp/445 Gadi Evron (Aug 16)
- Re: zotob - blocking tcp/445 Randy Bush (Aug 16)
- Re: zotob - blocking tcp/445 Gadi Evron (Aug 16)
- Re: zotob - blocking tcp/445 routerg (Aug 17)
- Re: zotob - blocking tcp/445 James Baldwin (Aug 18)
- Re: zotob - blocking tcp/445 routerg (Aug 18)
- Fwd: zotob - blocking tcp/445 My Name (Aug 18)
- Re: zotob - blocking tcp/445 (Aug 18)
- RE: zotob - blocking tcp/445 Christopher L. Morrow (Aug 15)
- Re: zotob - blocking tcp/445 sthaug (Aug 16)
- Re: zotob - blocking tcp/445 William Warren (Aug 17)