Re: Port blocking last resort in fight against virus

2003-08-14 Thread Christopher L. Morrow
On Wed, 13 Aug 2003, Mans Nilsson wrote: Even in an imperfect world, the solution lies in the edge, not even the CPE, but the end node, if you want to do more than pathetic bandaiding of the inherent problem of insecure applications on end nodes. This is the point, at least I, have been

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Christopher L. Morrow
On Wed, 13 Aug 2003, Stephen J. Wilcox wrote: Or the dumb [wannabee] IT guy runs some telnet/ftp/filesharing service without passwords and its ok for the whole world to access the private system coz it's his fault? there are other actions to be taken... termination being high on that list.

Re: Port blocking last resort in fight against virus

2003-08-14 Thread mike harrison
There is legitimate traffic on 135. All users I've talked to have been We started blocking 135-139 and 445 a week ago... we got one complaint, and added an exception for those two ip addresses (one remote/one local). We're just a small regional ISP, but we've seen little real use of these

RE: Port blocking last resort in fight against virus

2003-08-14 Thread Matthew Kaufman
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McBurnett, Jim ... I really can not imagine legitimate traffic on 135.. My problem with this approach is that, in 1985, you could have said I really cannot imagine legitimate traffic on port 80. (On the other hand, you could

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Christopher L. Morrow
On Tue, 12 Aug 2003, Sean Donelan wrote: I think filters/firewalls are useful. I believe every computer should have one. I have several. I just disagree on who should control the filters. in your opinion who should control them? (just curious)

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Petri Helenius
I've been looking at our traffic graphs and trying to decide if traffic really is down 10-15% over the last 24 hours or it's just my imagination. I would say 5-10% below where it should be taking into account seasonal variations, it's within the error margin, but barely. Pete

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Stephen J. Wilcox
On Wed, 13 Aug 2003, Mans Nilsson wrote: Subject: Re: Port blocking last resort in fight against virus Date: Wed, Aug 13, 2003 at 09:57:56AM +0100 Quoting Stephen J. Wilcox ([EMAIL PROTECTED]): Sorry I see where you're coming from on this but firewalls are more than just patches

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Stephen J. Wilcox
On Wed, 13 Aug 2003, Petri Helenius wrote: Mans Nilsson wrote: Subject: Re: Port blocking last resort in fight against virus Date: Tue, Aug 12, 2003 at 10:42:38PM -0400 Quoting Sean Donelan ([EMAIL PROTECTED]): I think filters/firewalls are useful. I believe every computer

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Måns Nilsson
--On Wednesday, August 13, 2003 11:00:56 +0300 Petri Helenius [EMAIL PROTECTED] wrote: I think filters/firewalls are useful. I believe every computer should have one. Firewalls are a patch to broken network application architecture. If your applications would have been properly designed,

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Niels Bakker
* [EMAIL PROTECTED] (Stephen J. Wilcox) [Wed 13 Aug 2003, 10:58 CEST]: In your world DoS traffic would be free to roam the networks as it pleased without being throttled sensibly at ingress? How many people are actually following RFC3514? (In other words, how do you separate DoS traffic from

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Sean Donelan
On Tue, 12 Aug 2003, Randy Bush wrote: Is it just me that feels that blocking a port which is known to be used to perform billions of scans is only proper? the second, and important part of the, question is whether there are legitimate packets to that port which want to cross your border.

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Petri Helenius
Mans Nilsson wrote: Subject: Re: Port blocking last resort in fight against virus Date: Tue, Aug 12, 2003 at 10:42:38PM -0400 Quoting Sean Donelan ([EMAIL PROTECTED]): I think filters/firewalls are useful. I believe every computer should have one. I have several. I just disagree on who

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Randy Bush
Is it just me that feels that blocking a port which is known to be used to perform billions of scans is only proper? the second, and important part of the, question is whether there are legitimate packets to that port which want to cross your border. for 135, i am not aware of any that should
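
Two of the posts above describe the same trade-off in concrete terms: the small-ISP post that blocks 135-139 and 445 at the edge with an exception for two addresses, and the question of whether any legitimate packets to 135 need to cross the border at all. The script below is an added example, not code from any poster on this thread. It takes netflow-style records (constructed sample data, not real captures), flags sources that behave like an RPC scanner (many distinct targets on tcp/135 inside a short window, which is the pattern the thread calls "billions of scans"), and then shows what a blanket edge filter with an exception list would drop, including the collateral: hosts that are not scanning but still lose their 135/445 traffic. The port set, the exception addresses and the 20-targets-in-60-seconds threshold are assumptions chosen for illustration.

```python
"""Added example for the port-blocking thread (not from the original posts).
Constructed netflow-style records; all addresses and thresholds are hypothetical."""
from __future__ import annotations
from collections import Counter, deque
from dataclasses import dataclass

# Edge policy as described by the small-ISP post: 135-139 and 445 dropped,
# with two named addresses (one local, one remote) exempted. Hypothetical values.
BLOCKED_PORTS = frozenset(range(135, 140)) | {445}
EXCEPTIONS = frozenset({"10.0.7.9", "10.9.0.2"})


@dataclass(frozen=True)
class Flow:
    ts: int       # seconds
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    dport: int
    pkts: int


def parse_flows(text: str) -> list[Flow]:
    """Parse whitespace-separated 'ts src dst proto dport pkts' records."""
    flows = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, proto, dport, pkts = line.split()
        flows.append(Flow(int(ts), src, dst, proto.lower(), int(dport), int(pkts)))
    return flows


def find_scanners(flows, port=135, proto="tcp", window=60, min_targets=20):
    """Return {src: peak distinct targets} for sources that touched at least
    min_targets distinct destinations on proto/port within any `window` seconds.
    A host that talks to one RPC or SMB server many times never trips this,
    which is the difference between a worm and a legitimate user of 135."""
    by_src: dict[str, list[Flow]] = {}
    for f in sorted(flows, key=lambda f: f.ts):
        if f.proto == proto and f.dport == port:
            by_src.setdefault(f.src, []).append(f)
    scanners = {}
    for src, fl in by_src.items():
        win: deque[Flow] = deque()
        seen: Counter[str] = Counter()
        peak = 0
        for f in fl:
            win.append(f)
            seen[f.dst] += 1
            while f.ts - win[0].ts >= window:      # slide the window forward
                old = win.popleft()
                seen[old.dst] -= 1
                if seen[old.dst] == 0:
                    del seen[old.dst]
            peak = max(peak, len(seen))
        if peak >= min_targets:
            scanners[src] = peak
    return scanners


def edge_verdict(flow: Flow, blocked=BLOCKED_PORTS, exceptions=EXCEPTIONS) -> str:
    """What the blanket edge filter does to one flow: drop on a blocked port
    unless either endpoint is on the exception list."""
    if flow.dport in blocked and not ({flow.src, flow.dst} & exceptions):
        return "drop"
    return "pass"


def build_sample() -> str:
    """Constructed records: one worm-like scanner, one legitimate SMB user covered
    by the exception, one non-exempt RPC user, and ordinary web traffic."""
    lines = ["# ts src dst proto dport pkts"]
    for i in range(1, 41):                       # scanner sweeps 10.1.0.1-40 on tcp/135
        lines.append(f"{1000 + i} 10.0.5.23 10.1.0.{i} tcp 135 1")
    for i in range(30):                          # one user, one file server, many sessions
        lines.append(f"{1000 + 2 * i} 10.0.7.9 10.9.0.2 tcp 445 40")
    lines.append("1005 10.0.8.4 10.9.0.3 tcp 135 12")   # legitimate but not exempted
    lines.append("1010 10.0.8.4 10.9.0.3 tcp 135 9")
    lines.append("1100 10.0.8.4 198.51.100.7 tcp 80 30")
    return "\n".join(lines)


SAMPLE_FLOWS = parse_flows(build_sample())


def report(flows=SAMPLE_FLOWS) -> dict:
    """Scanners found, flows the edge filter drops, and non-scanning sources hit by it."""
    scanners = find_scanners(flows)
    dropped = [f for f in flows if edge_verdict(f) == "drop"]
    collateral = sorted({f.src for f in dropped} - set(scanners))
    return {"scanners": scanners, "dropped": len(dropped), "collateral": collateral}


if __name__ == "__main__":
    print(report())
```

On the sample data the scanner is the only source flagged (40 distinct targets inside the window), while the blanket filter also drops the non-exempt host's two legitimate RPC flows; that collateral list is the argument for notifying or filtering the identified end node rather than the port.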

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Simon Lyall
On Tue, 12 Aug 2003, Sean Donelan wrote: This is the first trade publication I've seen that's covered some of the issues with ISPs blocking or not blocking ports. Port blocking last resort in fight against virus Long term problems can be caused by port blocking by Paul Brislen and James

RE: Port blocking last resort in fight against virus

2003-08-14 Thread Bob German
: Re: Port blocking last resort in fight against virus Subject: Re: Port blocking last resort in fight against virus Date: Tue, Aug 12, 2003 at 10:36:12AM -0500 Quoting Jack Bates ([EMAIL PROTECTED]): Is it just me that feels that blocking a port which is known to be used to perform billions

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Jason Houx
Spoken like a true advocate! And I have had the same experience since joining OpenBSD back in 2.6 ;-) its only getting better. spamd, pf, altq, and snort all very nice. I have one desktop at home running 3.3 --current too and no complaints even with following bleeding edge. I hope OpenBSD

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Randy Bush
the second, and important part of the, question is whether there are legitimate packets to that port which want to cross your border. for 135, i am not aware of any that should cross my site's border un-tunneled.

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Christopher L. Morrow
On Wed, 13 Aug 2003, Jack Bates wrote: Christopher L. Morrow wrote: This is the point, at least I, have been trying to make for 2 years... end systems, or as close to that as possible, need to police themselves, the granularity and filtering capabilities (content filtering even) are

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Mans Nilsson
Subject: Re: Port blocking last resort in fight against virus Date: Wed, Aug 13, 2003 at 10:14:22AM +0100 Quoting Stephen J. Wilcox ([EMAIL PROTECTED]): What if the people running the boxes are irresponsible, perhaps even harboring malicious intent surely, you have an AUP? Then, null0

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Jack Bates
Christopher L. Morrow wrote: If people want to use the network they need to take the responsibility and patch their systems. Blocking should really only be considered in very extreme circumstances when your network is being affected by the problem, or if the overall threat is such that a short

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Jack Bates
Mans Nilsson wrote: Your chosen path is a down-turning spiral of kludgey dependencies, where a host is secure only on some nets, and some nets can't cope with the load of all administrative filters (some routers tend to take port-specific filters into slow-path). That way lies madness. Secure?

Re: Port blocking last resort in fight against virus

2003-08-14 Thread John Kristoff
On Wed, 13 Aug 2003 09:10:32 +0200 Robert Raszuk [EMAIL PROTECTED] wrote: That is fine. The amount of information to be carried is easily extensible. So if you can help us to determine the required fields we will be more than glad to add them. Deploying this as a signalling protocol that is

RE: Port blocking last resort in fight against virus

2003-08-14 Thread Temkin, David
] Subject: RE: Port blocking last resort in fight against virus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McBurnett, Jim ... I really can not imagine legitimate traffic on 135.. My problem with this approach is that, in 1985, you could have said I really cannot imagine

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Christopher L. Morrow writes: This is the point, at least I, have been trying to make for 2 years... end systems, or as close to that as possible, need to police themselves, the granularity and filtering capabilities (content filtering even) are available at that

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Christopher L. Morrow
On Wed, 13 Aug 2003, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Christopher L. Morrow writes: This is the point, at least I, have been trying to make for 2 years... end systems, or as close to that as possible, need to police themselves, the granularity and filtering

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Mans Nilsson
Subject: Re: Port blocking last resort in fight against virus Date: Wed, Aug 13, 2003 at 09:57:56AM +0100 Quoting Stephen J. Wilcox ([EMAIL PROTECTED]): Sorry I see where you're coming from on this but firewalls are more than just patches to broken OS's. In your world DoS traffic would

Re: Port blocking last resort in fight against virus

2003-08-14 Thread neal rauhauser 402-301-9555
Måns Nilsson wrote: Firewalls are a patch to broken network application architecture. If your applications would have been properly designed, you would not have the need for firewalls. They are for perimeter defence only anyway. Right on - if you can't plug a machine directly in to

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Randy Bush
bellovin et al. have shown that the signaling protocol needs to convey far more characterization than you propose. randy

RE: Port blocking last resort in fight against virus

2003-08-14 Thread McBurnett, Jim
So give up trying to control the actions of the end nodes by destroying the edge. Make sure that complaints reach the correct responsible person. Limit your involvement to careful excerpts from your customer/IP-address database, or better yet, register them in the RIR registry so that others

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Mans Nilsson
Subject: RE: Port blocking last resort in fight against virus Date: Wed, Aug 13, 2003 at 02:22:38PM +0100 Quoting Stephen J. Wilcox ([EMAIL PROTECTED]): In fact it is not that effective, unfortunately the end user tends not to understand the emails they receive and ignores them Probably

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Mans Nilsson
Subject: Re: Port blocking last resort in fight against virus Date: Tue, Aug 12, 2003 at 10:42:38PM -0400 Quoting Sean Donelan ([EMAIL PROTECTED]): I think filters/firewalls are useful. I believe every computer should have one. I have several. I just disagree on who should control

RE: Port blocking last resort in fight against virus

2003-08-14 Thread Dave Israel
On 8/12/2003 at 12:40:19 -0400, McBurnett, Jim said: who in their right mind would pass NB traffic in the wild? That's the problem; not all customers are in their right mind. All they know is that it was working yesterday, and not today, because you blocked a port. The question of port

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Robert Raszuk
That is fine. The amount of information to be carried is easily extensible. So if you can help us to determine the required fields we will be more than glad to add them. R. Randy Bush wrote: bellovin et al. have shown that the signaling protocol needs to convey far more characterization

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Jack Bates
Christopher L. Morrow wrote: So, if in YOUR network you want to do this blocking, go right ahead, but I wouldn't expect anyone else to follow suit unless they already determined there was a good reason for themselves to follow suit. As an aside, a day or so of 5 minutely reboots teaches even the

RE: Port blocking last resort in fight against virus

2003-08-14 Thread Mark Segal
, 2003 12:40 PM To: Jack Bates; Mans Nilsson Cc: [EMAIL PROTECTED] Subject: RE: Port blocking last resort in fight against virus Jack, et al. As a larger than average end user and what could be called a small ISP, I really can not imagine legitimate traffic on 135.. who in their right mind would pass

RE: Port blocking last resort in fight against virus

2003-08-14 Thread McBurnett, Jim
Can someone enlighten me? What is legitimate 136 traffic? J -Original Message- From: Jack Bates [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 12:31 PM To: Mans Nilsson Cc: [EMAIL PROTECTED] Subject: Re: Port blocking last resort in fight against virus Mans Nilsson wrote

Re: Port blocking last resort in fight against virus

2003-08-14 Thread John Palmer
- Original Message - From: Dave Israel [EMAIL PROTECTED] To: McBurnett, Jim [EMAIL PROTECTED] Cc: Jack Bates [EMAIL PROTECTED]; Mans Nilsson [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 12:00 Subject: RE: Port blocking last resort in fight against virus On 8

Re: Port blocking last resort in fight against virus

2003-08-12 Thread Jack Bates
Sean Donelan wrote: http://computerworld.co.nz/webhome.nsf/UNID/BEC6DE12EC6AE16ECC256D8000192BF7!opendocument While some end users are calling for ISPs to block certain ports relating to the Microsoft exploit as reported yesterday (Feared RPC worm starts to spread), most ISPs are reluctant to do