Johannes Ullrich wrote:
Charge the same and take your 'abuse' team out for lunch on the change
you save by blocking the ports ;-)
We were looking at blocking 25 outbound except to designated servers as
well for many of our dialup and broadband customers. Those with the
service get the benefit of
Gerardo Gregory wrote:
these ports. The "internet" in itself is nothing more than a
communications link, and the ISP's are providers to this link. The
purpose of which is the exchange of information over a "public" medium.
You want an ISP to begin filtering at the 4th layer (OSI
Reference...y
On Thursday, Sep 4, 2003, at 09:59 Canada/Eastern, Ian Mason wrote:
The best diagnostic tool I've ever had is a script I cobbled together
over two hours one night. Once an hour, it simply collected all the
router configs across the network, did a 'diff' between the current
and last config, an
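The normalize-and-diff step of the hourly config check described above, as an added example; this is not Ian's script or anything posted to the thread. It assumes the configs have already been pulled to disk by whatever collector you use (RANCID, a cron job over ssh), so the two snapshots here are constructed IOS-style text standing in for consecutive pulls of one hypothetical router. The point it adds is that lines which change on every pull (config-change timestamps, NTP drift) must be stripped before diffing, or every hour looks like drift and the real change gets ignored.

```python
import difflib
import re
from datetime import datetime, timezone

# Constructed sample snapshots standing in for two hourly pulls of one
# router's running config (hypothetical; not real device output).
SNAPSHOT_PREVIOUS = """\
! Last configuration change at 01:00:12 UTC Thu Sep 4 2003
! NVRAM config last updated at 00:58:01 UTC Thu Sep 4 2003
hostname edge-rtr-1
!
interface Serial0/0
 description peering-to-AS64496
 ip address 192.0.2.1 255.255.255.252
 ip access-group 101 in
!
access-list 101 deny   tcp any any eq 135
access-list 101 deny   tcp any any eq 445
access-list 101 permit ip any any
"""

SNAPSHOT_CURRENT = """\
! Last configuration change at 02:00:09 UTC Thu Sep 4 2003
! NVRAM config last updated at 01:59:44 UTC Thu Sep 4 2003
hostname edge-rtr-1
!
interface Serial0/0
 description peering-to-AS64496
 ip address 192.0.2.1 255.255.255.252
 ip access-group 101 in
!
access-list 101 deny   tcp any any eq 135
access-list 101 deny   tcp any any eq 445
access-list 101 deny   udp any any eq 137
access-list 101 permit ip any any
"""

# Lines that legitimately differ between two pulls of an unchanged config.
VOLATILE = (
    re.compile(r"^! Last configuration change"),
    re.compile(r"^! NVRAM config last updated"),
    re.compile(r"^ntp clock-period "),
)


def normalize(config: str, ignore_volatile: bool = True) -> list[str]:
    """Split a config into lines, dropping the volatile ones so they never
    show up as drift. Order is preserved: ACL line order is significant."""
    lines = []
    for line in config.splitlines():
        if ignore_volatile and any(p.match(line) for p in VOLATILE):
            continue
        lines.append(line.rstrip())
    return lines


def config_diff(previous: str, current: str,
                ignore_volatile: bool = True) -> list[str]:
    """Return only the added ('+') and removed ('-') lines between two
    snapshots, unified-diff style with no context. [] means no drift."""
    udiff = difflib.unified_diff(
        normalize(previous, ignore_volatile),
        normalize(current, ignore_volatile),
        fromfile="previous", tofile="current", lineterm="", n=0,
    )
    changes = []
    for line in udiff:
        if line.startswith(("+++", "---", "@@")):
            continue  # file headers and hunk markers, not content
        if line.startswith(("+", "-")):
            changes.append(line)
    return changes


def report(previous: str, current: str, device: str = "edge-rtr-1") -> str:
    """One-line summary plus the changed lines, suitable for mailing out."""
    changes = config_diff(previous, current)
    stamp = datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M UTC")
    if not changes:
        return f"{stamp} {device}: no change"
    body = "\n".join(changes)
    return f"{stamp} {device}: {len(changes)} changed line(s)\n{body}"


if __name__ == "__main__":
    print(report(SNAPSHOT_PREVIOUS, SNAPSHOT_CURRENT))
```

Run as-is it reports exactly one changed line, the new UDP 137 deny; with `ignore_volatile=False` the same pair of snapshots also shows the two timestamp lines as removed and re-added, which is the noise that makes people stop reading the hourly mail.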
At 22:30 03/09/2003, Rob Thomas wrote:
[snip]
effects. We all know better. Bugs aren't restricted only to
products from Redmond, typos happen, and the performance hit can
be quite painful.
In my experience more network downtime is caused by configuration errors
than all other causes together.
T
> While non-techies can be a support challenge, I find the greatest
> challenges and demands come from the very techie customers. These
> are the same customers that don't want to hear "the outage happened
> because we put a new filter on the peering router...to protect you
> from outages caused
Rob Thomas <[EMAIL PROTECTED]> writes:
;; Hi, Johannes.
;;
;; ] It's hard these days. But I HIGHLY recommend for everyone to get out of
;; ] your server closets, enjoy the sun, and talk to non-techies once in a
;; ] while. Or: spend a couple hours answering the front end customer s
> > Once upon a time there was a proposal for a protocol which allowed clients to
> > push a filter configuration to the edge router to both classify traffic and filter
> > unneeded things.
> Nice idea. I am sure clients will figure that out. As quickly as they
> caught on to 'Windows Up
But should the end user pay for the faults?
The end user is angry because lashing out at the manufacturer gets you
routed to a null interface :)
why should the ISP pay? (Now that is the question)
They already pay
for the software and the Internet connection.
Do you call Microsoft when your
Hi, Johannes.
] It's hard these days. But I HIGHLY recommend for everyone to get out of
] your server closets, enjoy the sun, and talk to non-techies once in a
] while. Or: spend a couple hours answering the front end customer support
] calls if you can't remember where you parked your car.
While
> Sorry... "Millions of vulnerable users" are only vulnerable
> because those users chose to run vulnerable systems.
no, they chose to run popular/... systems. they do not know
what vulnerable means, let alone how to judge it. pinto owners
did not make a conscious choice of buying a bomb.
rand
> you mean like 'using a computer' ?
hehe... yes! if you insert the word "securely" at the end.
Case in point: I helped my neighbor last weekend to diagnose a printer
issue. Another problem he had was that his computer always "rebooted"
and never "shut down". He just never read/understood the s
Johannes Ullrich wrote:
90% + of internet users do use MSFT Windows. So I don't think you have a
choice other than to "live with it".
I wonder if there would be a market for "Windows Outside" ISP.
Pete
On Wed, 3 Sep 2003, Johannes Ullrich wrote:
>
>
> > Once upon a time there was a proposal for a protocol which allowed clients to
> > push a filter configuration to the edge router to both classify traffic and filter
> > unneeded things.
>
> Nice idea. I am sure clients will figure that
Owen,
Owen DeLong wrote:
Sorry... "Millions of vulnerable users" are only vulnerable because those
users chose to run vulnerable systems. They have the responsibility to
do what is necessary to correct the vulnerabilities in the systems they
chose to run.
Most of them don't know any better than
> No. ISPs should not block ports unless they are listed in the AUP as
> non-permitted traffic or it is a necessary and temporary remedial action
> for a service-affecting problem.
I fully agree that ISPs should include the list of blocked ports in
their AUP. (somewhere in the paper it mentio
> > Even on Windows they can be used in a much safer fashion (although I would
> > never attempt it for any of my stuff). It is possible to use IPSec policies
> > on 2000 and higher to encrypt all traffic on specified ports to specified
> > hosts/networks and block all other traffic. I bet some
> Once upon a time there was a proposal for a protocol which allowed clients to
> push a filter configuration to the edge router to both classify traffic and filter
> unneeded things.
Nice idea. I am sure clients will figure that out. As quickly as they
caught on to 'Windows Update' and '
> > Some businesses have created an entire industry of outsourcing Exchange
> > service which need all their customers to be able to use those ports.
>
> So should everyone else be required to keep their doors open so they can
> offer the service? Who is wrong/right? Millions of vulnerable users t
Johannes Ullrich wrote:
Well, if '100%' includes all the garbage traffic generated by the
worm du jour. On my home cable modem connection, about 80% of the
packets hitting my firewall are 'junk'. Maybe I would be able
to actually share files unencrypted using MSFT file sharing. If I can
manage to i
There are 10 kinds of people in the world. Those who understand binary
and those that don't.
ISPs should either block the mentioned ports, or send out bills in
binary.
No. ISPs should not block ports unless they are listed in the AUP as
non-permitted traffic or it is a necessary and temporary rem
> That depends if you are buying the 100% internet or 99.993% internet
> service.
Well, if '100%' includes all the garbage traffic generated by the
worm du jour. On my home cable modem connection, about 80% of the
packets hitting my firewall are 'junk'. Maybe I would be able
to actually share fi
--On Wednesday, September 3, 2003 3:11 PM -0400 Johannes Ullrich
<[EMAIL PROTECTED]> wrote:
Some businesses have created an entire industry of outsourcing Exchange
service which need all their customers to be able to use those ports.
So should everyone else be required to keep their doors ope
> Even on Windows they can be used in a much safer fashion (although I would
> never attempt it for any of my stuff). It is possible to use IPSec policies
> on 2000 and higher to encrypt all traffic on specified ports to specified
> hosts/networks and block all other traffic. I bet some people
Johannes Ullrich wrote:
So should everyone else be required to keep their doors open so they can
offer the service? Who is wrong/right? Millions of vulnerable users that
need some basic protection now, or a few businesses?
That depends if you are buying the 100% internet or 99.993% internet
se
From: "Sean Donelan" <[EMAIL PROTECTED]>
To: "Johannes Ullrich" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, September 03, 2003 1:51 PM
Subject: Re: What do you want your ISP to block today?
>
> On Wed, 3 Sep 2003, Johannes Ullrich wrot
On Wed, 2003-09-03 at 14:53, Matthew Kaufman wrote:
> I just read the paper... Sounds like as an ISP, I should offer a new product
> "The Internet Minus Four Port Numbers Microsoft Can't Handle." What I can't
> tell is whether this should cost more or less than "The Internet"
Charge the same and
> Some businesses have created an entire industry of outsourcing Exchange
> service which need all their customers to be able to use those ports.
So should everyone else be required to keep their doors open so they can
offer the service? Who is wrong/right? Millions of vulnerable users that
need
At 02:51 PM 9/3/2003, Sean Donelan wrote:
On Wed, 3 Sep 2003, Johannes Ullrich wrote:
> I just summarized my thoughts on this topic here:
> http://www.sans.org/rr/special/isp_blocking.php
>
> Overall: I think there are some ports (135, 137, 139, 445),
> a consumer ISP should block as close to the
I just read the paper... Sounds like as an ISP, I should offer a new product
"The Internet Minus Four Port Numbers Microsoft Can't Handle." What I can't
tell is whether this should cost more or less than "The Internet"
Matthew Kaufman
> On Behalf Of Johannes Ullrich:
>
> I just summarized my th
On Wed, 3 Sep 2003, Johannes Ullrich wrote:
> I just summarized my thoughts on this topic here:
> http://www.sans.org/rr/special/isp_blocking.php
>
> Overall: I think there are some ports (135, 137, 139, 445),
> a consumer ISP should block as close to the customer as
> they can.
If ISPs had block
I just summarized my thoughts on this topic here:
http://www.sans.org/rr/special/isp_blocking.php
Overall: I think there are some ports (135, 137, 139, 445),
a consumer ISP should block as close to the customer as
they can.
One basic issue is that people discussing this topic on
mailing lists
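The customer-edge policy the post argues for, written out as an added example (not code from the SANS paper or from anyone on the thread): the four ports named above blocked in both directions, plus the "outbound 25 only to designated servers" variant mentioned elsewhere in the thread. Addresses are constructed from the RFC 5737 documentation ranges, and blocking the four ports on both TCP and UDP is a simplification (137 is UDP NetBIOS name service, 139 and 445 are TCP, 135 is TCP RPC; blocking the unused protocol costs nothing). The evaluator and the IOS ACL renderer implement the same first-match policy, and the self-test exists because an exception placed after the deny it is meant to override is exactly the kind of filter mistake that turns into the outage the thread complains about.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses (RFC 5737 documentation ranges), not real networks.
CUSTOMER_POOL = ip_network("198.51.100.0/24")      # dial/broadband pool
SMTP_RELAYS = [ip_address("203.0.113.25"),         # the ISP's designated
               ip_address("203.0.113.26")]         # outbound mail servers
BLOCKED_PORTS = (135, 137, 139, 445)               # the ports from the post


@dataclass(frozen=True)
class Packet:
    proto: str     # "tcp" or "udp"
    src: str
    dst: str
    dport: int


def decide(p: Packet) -> str:
    """First-match policy for the customer-facing interface.
    Returns 'permit' or 'deny'."""
    src_cust = ip_address(p.src) in CUSTOMER_POOL
    dst_cust = ip_address(p.dst) in CUSTOMER_POOL
    # 1. Outbound SMTP: only to the designated relays. The exception must
    #    be evaluated before the general deny or it never fires.
    if p.proto == "tcp" and p.dport == 25 and src_cust:
        return "permit" if ip_address(p.dst) in SMTP_RELAYS else "deny"
    # 2. Windows LAN ports: blocked toward and from the customer, TCP and UDP.
    if p.dport in BLOCKED_PORTS and (src_cust or dst_cust):
        return "deny"
    # 3. Everything else passes; this is not a default-deny firewall.
    return "permit"


def _pool() -> str:
    # IOS extended ACLs take a wildcard mask, the inverse of the netmask.
    return f"{CUSTOMER_POOL.network_address} {CUSTOMER_POOL.hostmask}"


def render_ios_from_customer(acl: int = 110) -> list[str]:
    """Same policy as IOS ACL lines, applied 'in' on the customer interface."""
    lines = [f"access-list {acl} permit tcp {_pool()} host {r} eq 25"
             for r in SMTP_RELAYS]
    lines.append(f"access-list {acl} deny tcp {_pool()} any eq 25")
    for port in BLOCKED_PORTS:
        lines.append(f"access-list {acl} deny tcp {_pool()} any eq {port}")
        lines.append(f"access-list {acl} deny udp {_pool()} any eq {port}")
    lines.append(f"access-list {acl} permit ip {_pool()} any")
    return lines


def render_ios_to_customer(acl: int = 111) -> list[str]:
    """The inbound half, applied 'out' on the customer interface."""
    lines = []
    for port in BLOCKED_PORTS:
        lines.append(f"access-list {acl} deny tcp any {_pool()} eq {port}")
        lines.append(f"access-list {acl} deny udp any {_pool()} eq {port}")
    lines.append(f"access-list {acl} permit ip any {_pool()}")
    return lines


# Expected decisions; run before pushing the ACL, not after the phones ring.
EXPECTED = [
    (Packet("tcp", "198.51.100.7", "203.0.113.25", 25), "permit"),  # to relay
    (Packet("tcp", "198.51.100.7", "192.0.2.10", 25), "deny"),      # direct SMTP
    (Packet("tcp", "192.0.2.10", "198.51.100.7", 25), "permit"),    # inbound 25
    (Packet("tcp", "192.0.2.10", "198.51.100.7", 445), "deny"),     # inbound SMB
    (Packet("udp", "198.51.100.7", "192.0.2.10", 137), "deny"),     # NetBIOS out
    (Packet("tcp", "198.51.100.7", "192.0.2.10", 80), "permit"),    # web
]


def policy_selftest() -> list[str]:
    """Return a description of every case whose decision is not as expected."""
    return [f"{p} -> {decide(p)}, expected {want}"
            for p, want in EXPECTED if decide(p) != want]


if __name__ == "__main__":
    print("\n".join(render_ios_from_customer() + render_ios_to_customer()))
    print("selftest:", policy_selftest() or "ok")
```

The rendered ACLs are plain text to paste into a config review, not something to push unseen; the evaluator is what you change when the policy changes, and the self-test is what tells you the rendered order still means what you think it means.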
On Tue, 02 Sep 2003 13:34:10 PDT, David Schwartz said:
> Umm, makers of free software have to do this too. Even people who place
> software in the public domain have to do this. This has nothing to do with
> compensation and has more to do with nuisance.
Umm.. if you explicitly put it in th
On Tue, 2 Sep 2003, David Schwartz wrote:
> this will be my last reply.
David, since all your arguments are variations on "You think you know
better than anyone else what they need" (whereby you, supposedly, extol
virtues of a system which you don't yourself think is the best one) I do
concur
This isn't the best forum for this discussion, so this will be my last
reply.
> On Mon, 1 Sep 2003, David Schwartz wrote:
>
> > > When you don't have liability you don't have to worry about quality.
> > >
> > > What we need is lemon laws for software.
> > That would destroy the free
On Mon, 1 Sep 2003, David Schwartz wrote:
> > When you don't have liability you don't have to worry about quality.
> >
> > What we need is lemon laws for software.
>
> That would destroy the free software community. You could try to exempt
> free software, but then you would just succeed
> When you don't have liability you don't have to worry about quality.
>
> What we need is lemon laws for software.
>
> --vadim
That would destroy the free software community. You could try to exempt
free software, but then you would just succeed in destroying the 'low cost'
software com
When you don't have liability you don't have to worry about quality.
What we need is lemon laws for software.
--vadim
On 1 Sep 2003, Paul Vixie wrote:
>
> > ... Micr0$0ft's level of engineered-in vulnerabilities and wanton
> > disregard for security in the name of features. ...
>
> i can't
> ... Micr0$0ft's level of engineered-in vulnerabilities and wanton
> disregard for security in the name of features. ...
i can't see it. i know folks who write code at microsoft and they worry
as much about security bugs as people who work at other places or who do
software as a hobby. the pr
Frankly I don't want any of my ISP's filtering any of my traffic. I
think we need (especially enterprise administrators like myself) to take
some responsibility, and place our own filters.
That's a popular sentiment which derives its facade of reasonableness
from the notion that ISP's ought to
On zaterdag, aug 30, 2003, at 20:54 Europe/Amsterdam, Sean Donelan
wrote:
Only if it impacts the ISP, which it doesn't most of the time unless
they buy an unfortunate brand of dial-up concentrators.
Bits are bits, very few of them actually impact the ISP itself. Most
ISPs protect their own infra
From: Owen DeLong
> When was the last time you installed a Micr0$0ft security fix that was
> less than 5MB? (I have yet to see one)
SQL Slammer patch fit on a floppy (I remember - I walked around with that
floppy for hours that night).
Blaster patch fits on a floppy unless you're running a 64-bi
Given the Lion worm that hit Linux boxes, and the fact there's apparently
a known remote-root (since fixed) for Apple's OSX, what operating systems
would you consider "acceptable"?
This is an old argument and it just doesn't get any better with time.
There is a fundamental difference between BUGS
--On Saturday, August 30, 2003 8:18 PM +0200 Iljitsch van Beijnum
<[EMAIL PROTECTED]> wrote:
On zaterdag, aug 30, 2003, at 18:54 Europe/Amsterdam, Owen DeLong wrote:
Christopher L. Morrow's mention of asymmetric routing for multihomed
customers is more to the point, but if we can solve this fo
On Sat, Aug 30, 2003 at 02:53:46PM -0400, [EMAIL PROTECTED] wrote:
> This, in fact, is the single biggest thorn in our side at the moment. It's hard
> to adopt a pious "patch your broken box" attitude when the user can't get it
> patched without getting 0wned first...
>
This is where you start f
On Saturday, Aug 30, 2003, at 14:53 Canada/Eastern,
[EMAIL PROTECTED] wrote:
Given the Lion worm that hit Linux boxes, and the fact there's apparently a
known remote-root (since fixed) for Apple's OSX, what operating systems would
you consider "acceptable"?
I'm not aware of any operating syst
On Sat, Aug 30, 2003 at 12:08:51PM -0400, Eric Kagan wrote:
> How long do we give after the "friendly" notice as you are still infecting
> other people before it is okay to shut you off?
Assuming a situation like the blaster worm, I'd expect a call to one of
the emergency contacts listed. Respo
On Fri, 29 Aug 2003, Sean Donelan wrote:
> Which Microsoft protocols should ISP's break today? Microsoft Exchange?
> Microsoft file sharing? Microsoft Plug & Play? Microsoft SQL/MSDE?
> Microsoft IIS?
All of the above.
> > He added that ISPs have the view and ability to prevent en-masse
>
Well I understand why an ISP will filter these.
But those things you mentioned are not software vendor vulnerabilities, or
vulnerabilities of some proprietary protocol used only by desktop systems.
Also the ISP will filter anything it feels is a threat to its own
systems as that is where
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Gerardo Gregory
>
> Frankly I don't want any of my ISP's filtering any of my traffic. I
> think we need (especially enterprise administrators like myself) to take
> some responsibility, an
On Sat, Aug 30, 2003 at 02:53:46PM -0400, [EMAIL PROTECTED] wrote:
> On Sat, 30 Aug 2003 14:09:40 EDT, Joe Abley said:
> > That won't save them when the time required to download the patch set
> > is an order of magnitude greater than the mean time to infection.
>
> This, in fact, is the single
On Sat, 30 Aug 2003 14:09:40 EDT, Joe Abley said:
> That won't save them when the time required to download the patch set
> is an order of magnitude greater than the mean time to infection.
This, in fact, is the single biggest thorn in our side at the moment. It's hard
to adopt a pious "patch you
On zaterdag, aug 30, 2003, at 18:54 Europe/Amsterdam, Owen DeLong wrote:
Christopher L. Morrow's mention of asymmetric routing for multihomed
customers is more to the point, but if we can solve this for all those
single homed dial, cable and ADSL end-users and not for multihomed
networks, I'll be
On Saturday, Aug 30, 2003, at 01:58 Canada/Eastern, Matthew S. Hallacy
wrote:
On Fri, Aug 29, 2003 at 11:42:16PM -0400, Sean Donelan wrote:
North Texas charges students $30 if their computer is infected, and needs
to be cleaned.
Excellent, perhaps they'll learn early that they have to patch o
Christopher L. Morrow's mention of asymmetric routing for multihomed
customers is more to the point, but if we can solve this for all those
single homed dial, cable and ADSL end-users and not for multihomed
networks, I'll be very happy.
Sorry to throw yet another insect into the topical remedy (fl
Sean Donelan wrote:
If you don't want to download patches from Microsoft, and don't want to
pay McAfee, Symantec, etc for anti-virus software; should ISPs start
charging people clean up fees when their computers get infected?
www.google.com
+Free +AntiVirus
Now was that so hard?
-Jack
Rob Thomas wrote:
Oh, good gravy! I have a news flash for all of you "security experts"
out there: The Internet is not one, big, coordinated firewall with a
handy GUI, waiting for you to provide the filtering rules. How many
of you "experts" regularly sniff OC-48 and OC-192 backbones for all
th
On Sat, 30 Aug 2003 13:44:05 +0100
Ian Mason <[EMAIL PROTECTED]> wrote:
>
> At 07:33 30/08/2003, Iljitsch van Beijnum wrote:
>
> >On zaterdag, aug 30, 2003, at 05:42 Europe/Amsterdam, Sean Donelan wrote:
> >
> >>If you don't want to download patches from Microsoft, and don't want to
> >>pay McA
On zaterdag, aug 30, 2003, at 14:44 Europe/Amsterdam, Ian Mason wrote:
What would be great though is a system where there is an automatic
check to see if there is any return traffic for what a customer sends
out. If someone keeps sending traffic to the same destination without
anything coming b
Hey, Chris.
] No... I have one T1 to Sprint and one T1 to AT&T, I think my AT&T bill
] will be high this month so I stop sending OUT AT&T and only accept...
Yep, this is a very common tactic, for reasons of finance, politics,
responsiveness, etc.
Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com
>He added that ISPs have the view and ability to prevent en-masse
> attacks. "All these attacks traverse their networks before they reach
> you and me. If they would simply stop attack traffic that has been
> identified and accepted as such, we'd all sleep better," Cooper said.
Frankly I don't w
At 07:33 30/08/2003, Iljitsch van Beijnum wrote:
On zaterdag, aug 30, 2003, at 05:42 Europe/Amsterdam, Sean Donelan wrote:
If you don't want to download patches from Microsoft, and don't want to
pay McAfee, Symantec, etc for anti-virus software; should ISPs start
charging people clean up fees whe
On zaterdag, aug 30, 2003, at 10:57 Europe/Amsterdam, Ray wrote:
So? SMTP uses TCP, TCP generates incoming ACKs for outgoing data, so no
problems there.
Ah, so you're only looking to stop non-TCP attacks. How long do you think
before the majority of DOS are TCP based? SYN floods result in ACK
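The "is anything coming back?" check discussed in this sub-thread, as an added example rather than anyone's posted code. It assumes the edge router exports per-flow packet counts (the records below are constructed, hypothetical data) and that the customer pool is a known prefix (an RFC 5737 range here). Two tests are applied per customer: a single remote that receives a lot of packets and answers none (a flood), and many remotes that each answer nothing (a scanning worm hitting hosts that silently drop). The last pair of records is there to show the limitation Ray raises above: a SYN flood sent from the customer's real address draws SYN-ACKs back, so a return-traffic check alone does not see it.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

CUSTOMER_POOL = ip_network("198.51.100.0/24")   # constructed, RFC 5737 range

# Constructed flow records (src, dst, proto, packets) as an edge router's
# flow export might summarise one interval. Hypothetical data.
FLOWS = [
    # 198.51.100.7: ordinary web browsing, traffic in both directions
    ("198.51.100.7", "192.0.2.10", "tcp", 40),
    ("192.0.2.10", "198.51.100.7", "tcp", 38),
    # 198.51.100.9: UDP flood, nothing ever comes back
    ("198.51.100.9", "203.0.113.5", "udp", 5000),
    # 198.51.100.11: worm probing eight hosts that drop the probes silently
    *[("198.51.100.11", f"192.0.2.{n}", "tcp", 3) for n in range(20, 28)],
    # 198.51.100.13: SYN flood from its real address; the victim's SYN-ACKs
    # come back, so a pure "no return traffic" test is blind to it
    ("198.51.100.13", "192.0.2.30", "tcp", 2000),
    ("192.0.2.30", "198.51.100.13", "tcp", 2000),
]


def one_way_sources(flows, pair_threshold: int = 100,
                    fanout_threshold: int = 5) -> dict:
    """Return {customer_ip: (reason, detail)} for customers whose traffic
    to some destination(s) got no packets back during the interval.

    reason is 'flood' (one unanswered destination with >= pair_threshold
    packets) or 'scan' (>= fanout_threshold unanswered destinations)."""
    forward = defaultdict(int)    # (customer, remote) -> packets customer sent
    returned = defaultdict(int)   # (customer, remote) -> packets that came back
    for src, dst, _proto, pkts in flows:
        if ip_address(src) in CUSTOMER_POOL:
            forward[(src, dst)] += pkts
        elif ip_address(dst) in CUSTOMER_POOL:
            returned[(dst, src)] += pkts

    unanswered = defaultdict(list)  # customer -> [(remote, packets sent)]
    for (cust, remote), sent in forward.items():
        if returned.get((cust, remote), 0) == 0:
            unanswered[cust].append((remote, sent))

    findings = {}
    for cust, pairs in unanswered.items():
        heavy = [remote for remote, sent in pairs if sent >= pair_threshold]
        if heavy:
            findings[cust] = ("flood", f"{heavy[0]} received packets, sent none back")
        elif len(pairs) >= fanout_threshold:
            findings[cust] = ("scan", f"{len(pairs)} destinations answered nothing")
    return findings


if __name__ == "__main__":
    for cust, (reason, detail) in sorted(one_way_sources(FLOWS).items()):
        print(f"{cust}: {reason}: {detail}")
```

Thresholds are per-interval and deliberately conservative; an ISP running this would tune them against its own flow data before wiring the output to anything that rate-limits a customer port, since a DNS resolver that is down, or a remote host that is simply off, also produces unanswered traffic.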
On Sat, Aug 30, 2003 at 10:28:11AM +0200, Iljitsch van Beijnum wrote:
> On zaterdag, aug 30, 2003, at 09:54 Europe/Amsterdam, Ray Wong wrote:
> So? SMTP uses TCP, TCP generates incoming ACKs for outgoing data, so no
> problems there.
Ah, so you're only looking to stop non-TCP attacks. How long
On zaterdag, aug 30, 2003, at 09:54 Europe/Amsterdam, Ray Wong wrote:
What would be great though is a system where there is an automatic
check to see if there is any return traffic for what a customer sends
out. If someone keeps sending traffic to the same destination without
anything coming back,
On Sat, Aug 30, 2003 at 08:33:54AM +0200, Iljitsch van Beijnum wrote:
> What would be great though is a system where there is an automatic
> check to see if there is any return traffic for what a customer sends
> out. If someone keeps sending traffic to the same destination without
> anything c
On Sat, 30 Aug 2003, Iljitsch van Beijnum wrote:
>
> What would be great though is a system where there is an automatic
> check to see if there is any return traffic for what a customer sends
> out. If someone keeps sending traffic to the same destination without
> anything coming back, 99% chanc
On zaterdag, aug 30, 2003, at 05:42 Europe/Amsterdam, Sean Donelan
wrote:
If you don't want to download patches from Microsoft, and don't want to
pay McAfee, Symantec, etc for anti-virus software; should ISPs start
charging people clean up fees when their computers get infected?
Only if it impact
On Fri, Aug 29, 2003 at 11:42:16PM -0400, Sean Donelan wrote:
> North Texas charges students $30 if their computer is infected, and needs
> to be cleaned.
Excellent, perhaps they'll learn early that they have to patch often.
> . don't want to
On Fri, 29 Aug 2003 21:36:36 PDT, Mike Leber said:
> Perhaps paper manufacturers should be held liable until they come out with
> paper that can't be used to write down bad ideas.
Know what *really* irks me? I order blank paper, and this damned company keeps
sending me paper that's got connect-t
On Fri, 29 Aug 2003, Sean Donelan wrote:
> http://www.vnunet.com/Analysis/1143268
> > Although companies may have the infrastructure to deal with the current
> > band of worms, Trojans and viruses, there is currently a line of defence
> > that is not in place. "The problem isn't Microsoft's produ
Hey, Sean.
] North Texas charges students $30 if their computer is infected, and needs
] to be cleaned.
I think this is very reasonable, and a great idea.
] Would you pay an extra $50/Mb a month for your ISP to operate a firewall
] and scan your traffic for you?
No, but I have been sorely temp
On Fri, 29 Aug 2003, Rob Thomas wrote:
> Filter at the *EDGE* folks. You own your own networks; use and manage
> them responsibly. If you need assistance, ASK. If you can't take on
> the task, purchase bandwidth from providers who sell (yes, CHARGE YOU
> MONEY) a filtering service.
North Texas
Hi, NANOGers.
] > He added that ISPs have the view and ability to prevent en-masse
] > attacks. "All these attacks traverse their networks before they reach
] > you and me. If they would simply stop attack traffic that has been
] > identified and accepted as such, we'd all sleep better," Cooper s
On Fri, 29 Aug 2003 18:43:23 PDT, Owen DeLong <[EMAIL PROTECTED]> said:
> Um...What exactly is wrong with that? There are lots of LEGAL ways to
> download music.
And Napster can be used to download non-infringing files. Look where it got them.
Um...What exactly is wrong with that? There are lots of LEGAL ways to
download music. Apple's Music Store and several other licensed commercial
services provide music download services, as well as internet radio and
other "fair use" applications. This seems like a perfectly legitimate
reason to
On Fri, 29 Aug 2003 21:06:24 EDT, Terry Baranski <[EMAIL PROTECTED]> said:
> This is a disturbing viewpoint. Next thing you know we'll be blaming
> ISP's for file sharing...
Well, when one of the largest providers of high-speed internet access is including
"download music" as a reason for wantin
> "The problem isn't Microsoft's products or the knowledge
> of the consumer. The problem lies in the ISPs' unwillingness
> to make this issue disappear or at least reduce it
> dramatically," said Cooper.
This is a disturbing viewpoint. Next thing you know we'll be blaming
ISP's for file shari
Which Microsoft protocols should ISP's break today? Microsoft Exchange?
Microsoft file sharing? Microsoft Plug & Play? Microsoft SQL/MSDE?
Microsoft IIS?
It would be so much easier if worm writers followed the RFC's and set
the Evil Bit.
China has firewalled the entire country, and they have