North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Port blocking last resort in fight against virus
On Tue, 12 Aug 2003, Jack Bates wrote: > > Christopher L. Morrow wrote: > > > > > If people want to use the network they need to take the responsibility and > > patch their systems. Blocking should really only be considered in very > > extreme circumstances when your network is being affected by the problem, > > or if the overall threat is such that a short term network-wide block > > would help get over the hump. > > Correct, and that's what I consider this; a short term network-wide > block that would help get over the hump. While my network is stable, > that doesn't mean everyone being scanned is stable. There are > undoubtably DOS conditions caused by this worm. Each local network should make this decision on their own, the backbone should really only get involved if there is a real crisis. The local network has the ability to determine if the ports/protocols are being used legitimately, not the backbone. Just cause you'd have to be insane to use MS shares over the open internet doesn't mean there aren't people doing it :( (or selling Exchange mailboxes over it too apparently?). So, if in YOUR network you want to do this blocking, go right ahead, but I wouldn't expect anyone else to follow suit unless they already determined there was a good reason for themselves to follow suit. As an aside, a day or so of 5 minutely reboots teaches even the slowest user to find a firewall product and upgrade/update their systems, eh?