Re: Port 135 Probes Continue

From: David Magda (dmagda+trace031024_at_ee.ryerson.ca)
Date: 12/30/03


Date: 29 Dec 2003 18:25:53 -0500


Sorry for the delay in replying. Stuff came up.

Joe <joe@jretrading.com> writes:

> I understand what you say... but if no blocking is done anywhere,
> then worms will periodically, and with increasing frequency, shut
> down the Net and eventually spam will make it unusable.

At the very least I would say that ISPs should ensure that packets
have not had their source-IP field forged. Other than that I would
hold each user responsible for the stuff that comes from their
connection. Once people start being liable for their system, they
will start thinking on how reliable their system is.

[...]
> these be blocked or not? I don't know if you have any contact with
> the Windows world, but Microsoft uses a number of well known ports

I use a WXP laptop at work, but use neither Outlook nor IE
(Thunderbird and Firebird). I did sysadmin for a while and we had
more trouble from our dozen Windows boxes (including running under
SunPC) than 200+ Unix (Solaris, Linux and FreeBSD) boxes.

> which should never, under any circumstances, be accessible to
> untrusted hosts. So does Unix, for that matter. Is there a
> legitimate reason for connecting to a portmapper over the Internet?

None. That's why I like the example of OpenBSD sets: almost
everything is turned off. People ask 'what use is a box like
that'. The answer is that the use is it doesn't introduce security
holes. It's less work to enable something than it is to figure out
how you got compromised.

[...]
> of using email as an entertainment medium, which would kill most
> viruses. Will they?

No. They were told and were aware of the issues of mixing data and
executable code together all the way back in '93 when Outlook Express
first came out and they ignored it. There are smart people working /
coding at MS: unfortunately they don't seem to be the ones that have
decision-making power.

> That's not how it works, is it? Anyone at all, with no 'driving
> licence' and with no 'third party insurance', can connect to the
> Net, using any OS they choose, but probably the one their computers
[...]

It always baffled me why people can't see that when they make a
decision there are consequences. Of course, not all of them are
foreseen but they're there nonetheless.

> When you come down to it, if you want a job done properly you can
> only do it yourself. You may not want your ISP to block any
> messages, but some people do, and when enough people do, then some

Access to the 'Net is not a right. Neither is driving (though freedom
of movement is). What's so hard about picking up a
Linksys/Netgear/Dlink? Many people have more than one computer
anyways.

> offer the choice themselves. Many ISPs currently block port 25, but
> some will open it for individual customers who appear to know what
> they're doing. This could be extended to all the legitimate
> Internet ports for all users, with increasing computer power.
[...]

As is the case with mine (Sympatico). For quite some time they blocked
25/tcp (and had caps). Recently they let incoming 25/tcp open (and no
more caps).

[...]
> not to do so, and may then forfeit income because of this. If
> enough people want a clean Internet, it will happen, but not
> otherwise. Think of it as democracy in action.

Sometimes it's tempting to wish for a benign dictator. :-/

-- 
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well 
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI