[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <006b01c2d08a$1155dfe0$0100000a@yrpxb5>
From: yossarian at planet.nl (yossarian)
Subject: SQL Slammer - lessons learned
PS wrote:
> All this is well and good, but I have a really hard time understanding
> why we need to route insecure networking protocols such as NetBIOS,
> CIFS, NFS or NIS across the Internet. Just closing those ports would do
> a world of good for the Internet as a whole, and who in the world would
> it hurt?
Well, it wouldn't hurt many, that is true. But who is to decide which ports
can be closed? I'd block this kind of traffic within the network, in policy
and on the internal firewalling, and the external connection(s). Long time
ago the net was invented to connect, with it came these extremely insecure
protocols. But I could argue the same for many other protocols. So could my
ISP.
> If you really seriously need to mount drives from a remote network, you
> can do it through a secure tunnel (SSH, VPN), which would not be blocked
> by blocking those ports. If the Internet is going to survive in any
> viable fashion, we have to come to our senses when it comes to allowable
> services. The uncontrolled access to networking services on home
> computers and poorly secured commercial networks is the root cause
> behind a lot of the problems that exist on the Internet today - worms,
> virus, trojans, etc. Ports 139 and 445, *at a minimum*, should be
> closed (to the outside) on every network in the world.
>
> Are you really willing to demand your "freedom" in the face of the
> overwhelming odds that leaving those ports open will do more harm than
> good?
>
Yes, I am. Leaving these ports open does not harm me, if it harms anyone -
not my problem. The ports you are referring to are not vital to the
internet, it can just cause extra traffic. With the e-bubble, we got loads
and loads of bandwidth, not used normally. My freedom to use non-standard
systems, and in the foreseeable future, non-TCPA systems, is essential to
me, and to many others.
All this talk of regulating the internet is very scaring, since it hurts the
choice in technology we have now. Putting the burden on ISP's for all the
woes we see, is counterproductive. What will we do once we've put them all
out of business, policing the net without financial compensation?
Powered by blists - more mailing lists