On 8/18/05, Roger Marquis <[EMAIL PROTECTED]> wrote:
>
> Andy Johnson wrote:
> > I think the point of many on this list is, they are a transit
> > provider, not a security provider. They should not need to filter
> > your traffic, that should be up to the end user/edge network to
> > decide for t
Roger Marquis wrote:
Andy Johnson wrote:
I think the point of many on this list is, they are a transit
provider, not a security provider. They should not need to filter
your traffic, that should be up to the end user/edge network to
decide for themselves.
How is this different from a trans
If you have an offending network that does not respond to
abuse/complaints, your best course of action is to no longer communicate
with that network. That is your own choice as an end-user/network operator.
Complaining to their upstream or transit provider will only get them to
switch provid
Resent to address formatting misbehaviour:
Source proto dstPort count
62.149.195.129 6 42 13018
203.69.204.250 6 445 12889
213.123.129.237 1 204812693
70.17.255.436 443 12685
217.132.56.139 6 489911056
209.181.111.12 6
On Thu, 18 Aug 2005, Roger Marquis wrote:
My question is not what can we do about bots, we already filter
these worst case networks, but what can we do to make it worthwhile
for bot-providers like NETNET to police their own networks without
involving lawyers?
Establish and document a history
Andy Johnson wrote:
I think the point of many on this list is, they are a transit
provider, not a security provider. They should not need to filter
your traffic, that should be up to the end user/edge network to
decide for themselves.
How is this different from a transit provider allowing thei
On 8/18/05, James Baldwin <[EMAIL PROTECTED]> wrote:
> On Aug 17, 2005, at 11:03 PM, routerg wrote:
>
> > What if you are a transit provider that serves ebay, yahoo, and/or
> > google and the worm is propogating over TCP port 80?
>
> No one is suggesting that anyone suspend reason when making a
>
On 8/18/05, James Baldwin <[EMAIL PROTECTED]> wrote:
> On Aug 17, 2005, at 11:03 PM, routerg wrote:
>
> > What if you are a transit provider that serves ebay, yahoo, and/or
> > google and the worm is propogating over TCP port 80?
>
> No one is suggesting that anyone suspend reason when making a
On Aug 17, 2005, at 11:03 PM, routerg wrote:
What if you are a transit provider that serves ebay, yahoo, and/or
google and the worm is propogating over TCP port 80?
No one is suggesting that anyone suspend reason when making a
decision to temporarily, or permanently for that matter, block
Randy Bush <[EMAIL PROTECTED]> wrote:
[...]
> surely you realize that this discussion is not about civil rights
> and the constitution, but about combatting terrorists.
And we have always been at war with Eastasia.
--
PGP key ID E85DC776 - finger [EMAIL PROTECTED] for full key
/:.*posting.googl
Oh,no -- not the "Where will it end?" defense.
I should just go ahead and invoke Godwin's Law now
and put us all out of thread misery...
- ferg
-- routerg <[EMAIL PROTECTED]> wrote:
Where will the filtering end? Is your NSP/ISP responsible for
filtering virii, spam, phishing? I'm not saying
On 8/16/05, Gadi Evron <[EMAIL PROTECTED]> wrote:
>
> Randy Bush wrote:
> >>Surely we realize that this discussion is not concerning the oft
> >>repeated "Internet's Firewall" debate.
> >>Its about containing a potential worm/virus outbreak. Call it a network
> >>wide quarantine.
> >
> >
> > sure
On Wed, 17 Aug 2005, William Warren wrote:
>
> I may be off base here. Can't an ips look at the traffic; say on 443
> and figure out whether the traffic is malicious or not? If so then let
> it filter it. I know IPS's aren't perfect, but, i would prefer this
> router be taken, if available an
Daniel Senie wrote:
One of the dangers is more and more stuff is being shoved over a
limited set of ports. There are VPNs being built over SSL and HTTP to
help bypass firewall rule restrictions. At some point we end up with
another protocol demux layer, and a non-standard one at that if we
day, August 16, 2005 12:58 AM
To: Christopher L. Morrow
Cc: nanog@merit.edu
Subject: Re: zotob - blocking tcp/445
[snip arguments]
Do not become the internet firewall for your large customer
base... it's bad.
Okay, so please allow me to alter the argument a bit.
Say we agreed on:
1. Security is
I think the point of many on this list is, they are a transit provider,
not a security provider. They should not need to filter your traffic,
that should be up to the end user/edge network to decide for themselves.
Additionally, content filtering is great for those type of end-user
folks,
now and
then because both arguments make logical sense.
- Erik
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Gadi Evron
Sent: Tuesday, August 16, 2005 12:58 AM
To: Christopher L. Morrow
Cc: nanog@merit.edu
Subject: Re: zotob - blocking tcp/445
[snip ar
> NetBIOS was never meant to be a WAN protocol, so no problem
> in blocking it.
445/TCP is not NetBIOS! Some people even call the protocol the
"Common Internet File System".
On Tue, 16 Aug 2005, Christopher L. Morrow wrote:
> > I think you're overestimating the security clue of most businesses. I'd
> > *love* to be proved wrong by somebody citing a credible survey indicating
> > that
> > most businesses *are* Getting It Right
>
> I think Sean Donelan had a surve
On Tue, 16 Aug 2005 [EMAIL PROTECTED] wrote:
> On Tue, 16 Aug 2005 13:44:27 CDT, "Church, Chuck" said:
>
> > *** Rules are going to be different for residential vs. business
> > customers. Business customers who aren't on crack probably know better
> > to block netbios in and out.
>
> Whatever
Randy Bush wrote:
Surely we realize that this discussion is not concerning the oft
repeated "Internet's Firewall" debate.
Its about containing a potential worm/virus outbreak. Call it a network
wide quarantine.
surely you realize that this discussion is not about civil rights
and the constit
On Tue, 16 Aug 2005 13:44:27 CDT, "Church, Chuck" said:
> *** Rules are going to be different for residential vs. business
> customers. Business customers who aren't on crack probably know better
> to block netbios in and out.
Whatever happened to the War On Drugs, anyhow? :)
I think you're ov
> Surely we realize that this discussion is not concerning the oft
> repeated "Internet's Firewall" debate.
> Its about containing a potential worm/virus outbreak. Call it a network
> wide quarantine.
surely you realize that this discussion is not about civil rights
and the constitution, but ab
On Mon, 15 Aug 2005, Church, Chuck wrote:
>
>
> >'enterprise security folks' are probably not the issue... The fact
> remains
> >that lots of folks DO do this :( There are quite a few folks between
> >'consumer' and 'enterprise' that do all manner of dumb things on the
> >Internet (where 'd
and again I point to the above rules. What your network can't handle
'scanning wise' is completely different from what the network I work on
can handle.
If your network is being jeopardized by some level of scanning they fix
that, but that is a local decision. Blindly stating "large isps filter
On Tue, 16 Aug 2005, Daniel Senie wrote:
> At 12:46 AM 8/16/2005, Christopher L. Morrow wrote:
>
>
> >On Tue, 16 Aug 2005, Gadi Evron wrote:
> > >
> > > Randy Bush wrote:
> > > I'm not nearly confident enough to decide on behalf of almost
> > > billion other people how they should benefi
The sky is falling, or never mind. AV vendor press releases are always
amusing to read.
http://news.com.com/Zotob+worm+finds+its+path+limited/2100-7349_3-5833777.html?tag=nefd.top
As of Monday morning on the West Coast, the original Zotob.A had
infected about 50 computers worldwide, and t
On Tue, 16 Aug 2005, Joe Maimon wrote:
>
>
> Christopher L. Morrow wrote:
> >
> > On Mon, 15 Aug 2005, [EMAIL PROTECTED] wrote:
> >
> >
> >>
> >>NetBIOS was never meant to be a WAN protocol, so no problem
> >>in blocking it.
> >
> >
> > rule #1: do not be the Internet's Firewall
> > rule #2: see
At 12:46 AM 8/16/2005, Christopher L. Morrow wrote:
On Tue, 16 Aug 2005, Gadi Evron wrote:
>
> Randy Bush wrote:
> I'm not nearly confident enough to decide on behalf of almost
> billion other people how they should benefit from the Internet
> and how not to.
> >>>
> >>>thanks for
Jiri,
Rommon's site does not state clearly if the product is a network appliance (as
it appears to be since its interface is web-based) or a software-only product.
Abraços,
Marlon Borba, CISSP.
--
Nova campanha:
Centro de Resposta a Incidentes de
Segurança da Justiça Federal - Vamos criar!
--
Joe Maimon wrote:
This is network self preservation. Otherwise the garbage will
eventually suffocate us all.
It's like cancer initially was treated with drugs and equipment which
did serious damage to the whole body, killing many in the process and
today the methods are much more targete
Randy,
> though http://www.rommon.com/sandbox.html looks to be a
> commercial product (and hence the spawn of evil:-), has
> anyone got success/failure stories? it looks to speak
> directly to this issue.
We have been using rommon for years now and are quite happy with it. It
has radically decr
Christopher L. Morrow wrote:
On Mon, 15 Aug 2005, [EMAIL PROTECTED] wrote:
NetBIOS was never meant to be a WAN protocol, so no problem
in blocking it.
rule #1: do not be the Internet's Firewall
rule #2: see rule #1
Surely we realize that this discussion is not concerning the oft
repe
though http://www.rommon.com/sandbox.html looks to be a
commercial product (and hence the spawn of evil:-), has
anyone got success/failure stories? it looks to speak
directly to this issue.
randy
> If ISPs really wanted to make the Internet better for Corporate America,
> I guess they'd unplug most of Asia...not block a port here and there
> (but that isn't exactly acceptable).
If I (working for an ISP in Norway) wanted to make the Internet better
for my customers, I'd unplug lots of U.S.
ECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Gadi Evron
Sent: Tuesday, August 16, 2005 12:58 AM
To: Christopher L. Morrow
Cc: nanog@merit.edu
Subject: Re: zotob - blocking tcp/445
[snip arguments]
> Do not become the internet firewall for your large customer base...
> it's bad.
>
Oka
[snip arguments]
Do not become the internet firewall for your large customer base... it's
bad.
Okay, so please allow me to alter the argument a bit.
Say we agreed on:
1. Security is THEIR (customers') problems, not yours.
2. You are not the Internet's firewall.
That would mean you would st
On Mon, 15 Aug 2005 20:05:30 MDT, Shane Amante said:
> Leaf network filtering (or not) is largely solved.
Ahem. :)
If this was a "solved" problem, we'd not be having a thread about a zotob worm.
There's a *very* large gap between "the clued know of a range of suitable
solutions" and "the great
On Tue, 16 Aug 2005 [EMAIL PROTECTED] wrote:
> On Mon, 15 Aug 2005 20:05:30 MDT, Shane Amante said:
>
> > Leaf network filtering (or not) is largely solved.
>
> Ahem. :)
>
> If this was a "solved" problem, we'd not be having a thread about a zotob
> worm.
>
thank you.
On Tue, 16 Aug 2005, Gadi Evron wrote:
>
> Randy Bush wrote:
> I'm not nearly confident enough to decide on behalf of almost
> billion other people how they should benefit from the Internet
> and how not to.
> >>>
> >>>thanks for that!
> >>
> >>Indeed. Also see
> >>http://www.iab.org
Randy Bush wrote:
I'm not nearly confident enough to decide on behalf of almost
billion other people how they should benefit from the Internet
and how not to.
thanks for that!
Indeed. Also see
http://www.iab.org/documents/docs/2003-10-18-edge-filters.html
as i just replied to a private m
On Mon, 15 Aug 2005, Church, Chuck wrote:
>
>
> >'enterprise security folks' are probably not the issue... The fact
> remains
> >that lots of folks DO do this :( There are quite a few folks between
> >'consumer' and 'enterprise' that do all manner of dumb things on the
> >Internet (where 'dumb'
>'enterprise security folks' are probably not the issue... The fact
remains
>that lots of folks DO do this :( There are quite a few folks between
>'consumer' and 'enterprise' that do all manner of dumb things on the
>Internet (where 'dumb' is equivalent to running smb shares across the
>public n
> While its not uncommon to run SMB/Windows file system drive mounts across
> private WANs, doing so across the Internet, on a non-encrypted tunnel, is
> the equivalent of running with scissors.
yep. agree. but, as it does not damage the track, and only opens
the runner to harm, as the track ma
On Mon, 15 Aug 2005, Daniel Golding wrote:
>
>
> On 8/15/05 4:46 PM, "Randy Bush" <[EMAIL PROTECTED]> wrote:
>
> >
> I'm not nearly confident enough to decide on behalf of almost
> billion other people how they should benefit from the Internet
> and how not to.
> >>> thanks for th
On 8/15/05 4:46 PM, "Randy Bush" <[EMAIL PROTECTED]> wrote:
>
I'm not nearly confident enough to decide on behalf of almost
billion other people how they should benefit from the Internet
and how not to.
>>> thanks for that!
>> Indeed. Also see
>> http://www.iab.org/documents/doc
Chris,
This isn't directed at you, just adding my 2 cents to the thread ...
On Aug 15, 2005, at 3:29 PM, Christopher L. Morrow wrote:
On Mon, 15 Aug 2005, [EMAIL PROTECTED] wrote:
NetBIOS was never meant to be a WAN protocol, so no problem
in blocking it.
rule #1: do not be the Internet's F
) welchia/nachi - how can I ping monitor my remote sites?
ymmv.
>
> For example: grc.com/su-techzone1.htm
>
> scott
>
> - Original Message Follows -
> From: Gadi Evron <[EMAIL PROTECTED]>
> To: nanog list
> Subject: zotob - blocking tcp/445
> Date: Mo
>>> I'm not nearly confident enough to decide on behalf of almost
>>> billion other people how they should benefit from the Internet
>>> and how not to.
>> thanks for that!
> Indeed. Also see
> http://www.iab.org/documents/docs/2003-10-18-edge-filters.html
as i just replied to a private message
- Original Message Follows -
From: Saku Ytti <[EMAIL PROTECTED]>
To: nanog list
Subject: Re: zotob - blocking tcp/445
Date: Mon, 15 Aug 2005 22:22:10 +0300
> On (2005-08-15 18:51 +), [EMAIL PROTECTED] wrote:
>
> > NetBIOS was never meant to be a WAN protocol, so
In message <[EMAIL PROTECTED]>, Randy Bush writes:
>
>> I'm not nearly confident enough to decide on behalf of almost
>> billion other people how they should benefit from the Internet
>> and how not to.
>
>thanks for that!
Indeed. Also see http://www.iab.org/documents/docs/2003-10-18-edge-filter
On (2005-08-15 09:28 -1000), Randy Bush wrote:
> > There are real solutions to the problem, which include monitoring
> > the end-user traffic and do traffic steering for infected hosts
> > to a web page thats helps solving their problem.
>
> for we who are under-clued, do you have a url for sug
> I'm not nearly confident enough to decide on behalf of almost
> billion other people how they should benefit from the Internet
> and how not to.
thanks for that!
> There are real solutions to the problem, which include monitoring
> the end-user traffic and do traffic steering for infected host
vron <[EMAIL PROTECTED]>
> To: nanog list
> Subject: zotob - blocking tcp/445
> Date: Mon, 15 Aug 2005 21:51:43 +0200
> > I heard from several different big ISP's that to stop the
> > spread of the worm they now block tcp/445. I suppose it
> > works.
> >
> > Gadi.
>
--
++ytti
NetBIOS was never meant to be a WAN protocol, so no problem
in blocking it.
For example: grc.com/su-techzone1.htm
scott
- Original Message Follows -
From: Gadi Evron <[EMAIL PROTECTED]>
To: nanog list
Subject: zotob - blocking tcp/445
Date: Mon, 15 Aug 2005 21:51:43 +0200
>
I heard from several different big ISP's that to stop the spread of the
worm they now block tcp/445. I suppose it works.
Gadi.
56 matches
Mail list logo