From: yossarian at planet.nl (yossarian)
Subject: SQL Slammer - lessons learned

PS wrote:
> All this is well and good, but I have a really hard time understanding
> why we need to route insecure networking protocols such as NetBIOS,
> CIFS, NFS or NIS across the Internet.  Just closing those ports would do
> a world of good for the Internet as a whole, and who in the world would
> it hurt?

Well, it wouldn't hurt many, that is true. But who is to decide which ports
can be closed? I'd block this kind of traffic within the network, in policy
and on the internal firewalling, and the external connection(s). A long time
ago the net was invented to connect; with it came these extremely insecure
protocols. But I could argue the same for many other protocols. So could my
ISP.

> If you really seriously need to mount drives from a remote network, you
> can do it through a secure tunnel (SSH, VPN), which would not be blocked
> by blocking those ports.  If the Internet is going to survive in any
> viable fashion, we have to come to our senses when it comes to allowable
> services.  The uncontrolled access to networking services on home
> computers and poorly secured commercial networks is the root cause
> behind a lot of the problems that exist on the Internet today - worms,
> virus, trojans, etc.  Ports 139 and 445, *at a minimum*, should be
> closed (to the outside) on every network in the world.
>
> Are you really willing to demand your "freedom" in the face of the
> overwhelming odds that leaving those ports open will do more harm than
> good?
>
Yes, I am. Leaving these ports open does not harm me, if it harms anyone -
not my problem. The ports you are referring to are not vital to the
internet, it can just cause extra traffic. With the e-bubble, we got loads
and loads of bandwidth, not used normally. My freedom to use non-standard
systems, and in the foreseeable future, non-TCPA systems, is essential to
me, and to many others.

All this talk of regulating the internet is very scary, since it hurts the
choice in technology we have now. Putting the burden on ISPs for all the
woes we see is counterproductive. What will we do once we've put them all
out of business, policing the net without financial compensation?

