Re: Probes on Port 135 and 445 continue
From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 10/16/04
- Next message: Alan Coopersmith: "Re: sunscreen not in solaris 10"
- Previous message: Dave Uhring: "Re: sunscreen not in solaris 10"
- In reply to:(deleted message) Leythos: "Re: Probes on Port 135 and 445 continue"
- Next in thread: Leythos: "Re: Probes on Port 135 and 445 continue"
Date: Fri, 15 Oct 2004 20:51:03 -0500
In article <MPG.1bd993f5e1256ba4989869@news-server.columbus.rr.com>,
Leythos wrote:
>In article <slrncmubrp.f7v.ibuprofin@atlantis.phx.az.us>,
>ibuprofin@painkiller.example.tld says...
>> In article <MPG.1bd78090e19d9f6798985b@news-server.columbus.rr.com>,
>> Leythos wrote:
>>> the acceptable use policy states that it's against the
>>> house rules to utilize P2P software on the network.
>>
>> Tell me, can you see Road Runner implementing that AUP any time soon?
>
>Nope, but I didn't suggest that they implement an AUP like that.
The sorority, or RR? If the sorority, I'm curious how someone managed
to educate them into such an enlightened position - and no, I'm really
being serious on this.
>Wait, they do have an AUP that says you can't interfere with other users'
>systems, can't host servers, etc... They only enforce it when people
>start impacting the network.
I'm assuming this refers to RR - most of the larger ISPs are heading in
this direction, and I'm all for that. I'd be happier still if they were
more active in enforcing the policy, because we do see a lot of situations
where _some_ ISPs ignore complaints from the world about abuses being
sourced from their networks. In some cases, the solutions have been to
firewall such bad neighbors.
>So, in all of this, using what we all know about ISPs and the typical
>devices they provide and what users typically have for systems, how can
>we as a group come up with a simple method that lets 90% of the people
>still use their machines without any issues,
The overwhelming majority of the home users have no business operating
any server type function - whether a FTP site, a web page, or a streaming
crap server. That includes sharing their files, disks, or computers. If
you really think there is a need for you to share the pictures of what
you are doing with that roll of duct tape and your pet hamster, many
ISPs have web servers that will host your page. Don't try this at home
folks, because the computer program is a heck of a lot more complicated
than you can ever dream of, and if you don't know WTF you are doing, you
should not be attempting to do so. Raise the bar? ABSOLUTELY.
Thus, the first simple answer is to block inbound ports below 1024 (except
possibly 113). Does that mean you can't run an SSH server to permit secure
inbound connections - no, but you'll have to run it on a random port
number above 1024, so that everyone doesn't automatically find it. If
someone needs to SSH in, you can tell them the secret number. And to
avoid just shifting the problem to another specific port, let the ISP
block specific port ranges randomly. This provides no barrier to those
who know what they are doing.
I'm sorry, but this is not 1988, and the Internet is not a closed
network like the Berkeley campus. The 'r' commands were acceptable
then because there was no real security threat. But because the
average user today thinks they need the Internet, and because the
defaults on Windows are to open everything (because Microsoft knows
the user has none of the skills needed to figure out how to enable
the services, and "ease of use" is thousands of times more important
than security when looking at sales figures), and because the ISPs
want to sell bandwidth and not be concerned with what might be in
those packets, we're stuck with a bunch of zombie systems that are
being abused, and are abusing the rest of us.
>but at the same time protect the network and external users from them?
Perhaps making it more expensive for fools to connect would be worthwhile.
Get connected for a base price of $N. If your box gets r00ted
and the ISP gets a complaint (external OR internal), the fool gets
disconnected until the box can be cleaned, and for the next six
months (or whatever), your Internet access costs 2x$N. Get r00ted
again during that period, the price goes up to 4x$N and you're on
probation for a year. Lather, rinse, repeat.
>This is what the real subject of this message/thread is about, not
>blocking or why it's good/bad, but how, with all of the Windows based
>systems that are unpatched, without quality (if any) antivirus products,
>with ignorant users running them, we can control the spread of
>infections.
You know - it's really funny that third party vendors can produce firewall
products, anti-virus products, and so on, and Microsoft can't or won't. If
they do try to include such products, they are intentionally crippled
versions - XP's "firewall" being a really good example.
I'm all for not allowing the common user to be allowed to run services.
Virtually none of them have the first clue what they are doing. This is
made harder to control because Microsoft targets these clueless individuals
by intentionally enabling features and disabling any security control that
might get in the way of making the features work. It's made worse by their
inept programming.
>This is what the real subject of this message/thread is about, not
>blocking or why it's good/bad, but how, with all of the Windows based
>systems that are unpatched, without quality (if any) antivirus products,
>with ignorant users running them, we can control the spread of
>infections.
Microsoft _could_ go a long way in the right direction by turning off
a lot of features. There is no need for most of them anyway, and all
they do is allow exploitation. Example - HTML in mail or news. Firewalls
can't protect you from doing dumb things, especially if you've configured
your computer to "Don't ask me these stupid questions I don't understand,
just go ahead and do it." But because this really is expecting too much
from the users, then the ISPs need to start blocking stuff. Is that going
to happen? Yeah, right.
Old guy
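The "block inbound ports below 1024, except possibly 113, and put sshd on a high port" policy above, modelled as an added example that is not part of the thread or of any ISP's real configuration. The rule shape, the sample traffic, the SSH port number (SSH_PORT) and the iptables rendering are all assumptions made here to show what the policy does to the probes in the thread subject and to an SSH listener on the default port versus a high one:

```python
"""Model of the 'block inbound ports below 1024' edge policy.

Added example; none of this is from the original post. SSH_PORT is an
arbitrary high port standing in for the "secret number" the post mentions,
the Packet samples below are constructed, and the iptables strings are
only rendered, never executed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SSH_PORT = 41522    # assumption: the high port sshd listens on
IDENT_PORT = 113    # the one low port the post would leave open


@dataclass(frozen=True)
class Packet:
    direction: str            # "in" (from the Internet) or "out"
    proto: str                # "tcp" or "udp"
    dport: int                # destination port
    established: bool = False # reply to a flow the inside host opened


@dataclass(frozen=True)
class Rule:
    action: str                         # "ACCEPT" or "DROP"
    proto: Optional[str] = None         # None matches any protocol
    lo: int = 0                         # destination port range, inclusive
    hi: int = 65535
    established: Optional[bool] = None  # None: don't care about state

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.established is not None and self.established != pkt.established:
            return False
        return self.lo <= pkt.dport <= self.hi


def edge_policy(ssh_port: int = SSH_PORT) -> List[Rule]:
    """Inbound chain, first match wins: replies to outbound flows pass,
    ident passes, every other port below 1024 is dropped for TCP and UDP,
    and the high SSH port is explicitly allowed (only matters if the
    chain's default is DROP)."""
    return [
        Rule("ACCEPT", established=True),
        Rule("ACCEPT", proto="tcp", lo=IDENT_PORT, hi=IDENT_PORT),
        Rule("DROP", proto="tcp", lo=0, hi=1023),
        Rule("DROP", proto="udp", lo=0, hi=1023),
        Rule("ACCEPT", proto="tcp", lo=ssh_port, hi=ssh_port),
    ]


def verdict(policy: List[Rule], pkt: Packet, default: str = "ACCEPT") -> str:
    """Outbound traffic is never filtered here; inbound walks the chain."""
    if pkt.direction != "in":
        return "ACCEPT"
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return default


def to_iptables(policy: List[Rule]) -> List[str]:
    """Render the chain as iptables INPUT commands (strings only)."""
    lines = []
    for r in policy:
        cmd = ["iptables", "-A", "INPUT"]
        if r.established:
            cmd += ["-m", "conntrack", "--ctstate", "ESTABLISHED,RELATED"]
        if r.proto:
            cmd += ["-p", r.proto]
            if (r.lo, r.hi) != (0, 65535):
                port = str(r.lo) if r.lo == r.hi else f"{r.lo}:{r.hi}"
                cmd += ["--dport", port]
        cmd += ["-j", r.action]
        lines.append(" ".join(cmd))
    return lines


# Constructed sample traffic, modelled on what the thread subject describes.
SAMPLE = [
    Packet("in", "tcp", 135),                      # RPC endpoint mapper probe
    Packet("in", "tcp", 445),                      # SMB probe
    Packet("in", "udp", 137),                      # NetBIOS name service
    Packet("in", "tcp", 22),                       # sshd on the default port
    Packet("in", "tcp", SSH_PORT),                 # sshd on the high port
    Packet("in", "tcp", IDENT_PORT),               # ident, left open
    Packet("in", "tcp", 51234, established=True),  # reply to an outbound request
    Packet("out", "tcp", 80),                      # the user's own web browsing
]


def run(policy: Optional[List[Rule]] = None) -> Dict[Tuple[str, str, int], str]:
    """Map each sample packet to its verdict under the policy."""
    policy = policy or edge_policy()
    return {(p.direction, p.proto, p.dport): verdict(policy, p) for p in SAMPLE}


if __name__ == "__main__":
    for key, action in run().items():
        print(f"{key[0]:>3} {key[1]} dport={key[2]:<5} -> {action}")
    print("\n".join(to_iptables(edge_policy())))
```

Under this chain the 135/445/137 probes and a default-port sshd are dropped while the high-port sshd, ident and replies to the user's own connections get through, which is exactly the post's trade-off: a scanner that walks all 65535 ports still finds the listener, so the high port keeps out the automated low-port sweeps, not a determined attacker.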