Re: Port 135 Probes Continue

From: Joe (
Date: 12/24/03

Date: Tue, 23 Dec 2003 23:32:43 +0000

In message <>, David Magda
<> writes
>"Nico Kadel-Garcia" <> writes:
>> port 135 from day one, along with the NFS and SMB ports *AS THEY
>> SHOULD HAVE*, this virus/worm/whatever you wish to call it never
>> would have propagated.
>Personally I don't want my ISP deciding what I can or cannot connect
>to. But that's just me. I'll take liberty over security.

I understand what you say... but if no blocking is done anywhere, then
worms will periodically, and with increasing frequency, shut down the
Net and eventually spam will make it unusable.

This is an important area of debate. While it is often difficult to tell
good traffic from bad easily, there are certain types which can be
identified as 'always bad' without too much trouble. Should these be
blocked or not? I don't know if you have any contact with the Windows
world, but Microsoft uses a number of well known ports which should
never, under any circumstances, be accessible to untrusted hosts. So
does Unix, for that matter. Is there a legitimate reason for connecting
to a portmapper over the Internet?

Microsoft could introduce an equivalent to TCP-wrappers, which together
with a total block on the private IP blocks by ISPs, might solve the
problem of worms. Will they? They could abandon the idea of using email
as an entertainment medium, which would kill most viruses. Will they?

>That said, if you put your machine on the Net you should be prepared
>to take responsibility for what happens to it. Of course it's easier
>to do with some systems than with others.

That's not how it works, is it? Anyone at all, with no 'driving licence'
and with no 'third party insurance', can connect to the Net, using any
OS they choose, but probably the one their computers came with. Given
trends in the Western world, I can't see such responsibility ever being
imposed on Net users. Nor can I see Microsoft, or indeed Red Hat, being
made responsible in any way for the security of users of their products.
They may *choose* to take on such responsibility if their profits become
dependent on it, but probably not otherwise.

When you come down to it, if you want a job done properly you can only
do it yourself. You may not want your ISP to block any messages, but
some people do, and when enough people do, then some ISPs will make the
facility available. You must make the choice as to whether you want this
facility. I suspect that some ISPs will offer the choice themselves.
Many ISPs currently block port 25, but some will open it for individual
customers who appear to know what they're doing. This could be extended
to all the legitimate Internet ports for all users, with increasing
computer power.

ISPs themselves will make routing choices based on connectivity
available to them on the backbone, and they will prefer paths unclogged
by spam. Eventually pressure will come to bear on the backbone owners to
maximise the bandwidth they can offer their customers, by blocking
obviously unwanted traffic. Some will choose not to do so, and may then
forfeit income because of this. If enough people want a clean Internet,
it will happen, but not otherwise. Think of it as democracy in action.