[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] ISPs Could Block Ports to Reduce Spread of Malware
Forwarded from: Mark Bernard <mbernard@xxxxxxxxxxx>
I do not agree with this recommendation for two reasons, see below:
First off, what about all the legitimate uses for these ports? This
strategy would in fact reduce and/or eliminate the functionality of
thousands of computers around the world. Functionality that has
already been sold and paid for.
Secondly, this strategy in fact removes accountability from where it
belongs, the computer user. It is reminiscent of the early dark-days
of the Internet when the law makers didn't know how to assess damages
caused by through Internet connections so they made ISPs accountable.
That was a desperate maneuver that failed!
I think the people at SANS who came up with this recommendation had
better check 'the-old-wet-ware' because I think that's its been
infected by a Federal strength virus....
I believe that a more acceptable approach would be to establish
national information security standards the manufacturers must adhere
to when selling hardware. This approach would keep the accountability
with the client unless of course the manufacturer didn't follow the
standards then they would be help accountable to some extent.
--ISPs Could Block Ports to Reduce Spread of Malware (8 September 2003)
A report written by Johannes Ullrich, SANS Internet Storm Center CTO,
proposes that Internet service providers (ISPs) block access to
"commonly exploited" communications ports on customers' computers.
While it would not prevent all Internet threats, it could address a
bulk of the problems. The four ports, 135, 137, 139 and 445, are not
necessary for most Internet use. The proposal is aimed at ISPs that
serve individual customers and universities, not those that serve
[Editor's Note (Ranum): It's good that we are finally reinventing
"default deny"! Historically, though, this has been countered by
unsupported claims of reduced performance due to router filtering
Mark E. S. Bernard, CISM,
Apollo Computer Consultants Inc.
Web site: www.apollo-cc.com
Phone: (506) 375-6368
Information Security Notice:
This e-mail is classified as private and is intended for use by the
sender and recipient "only". Unauthorized access to this e-mail will
be dealt with in accordance with the Canadian charter of rights and
freedoms section 7 and 8. Link; http://laws.justice.gc.ca/en/charter/
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@xxxxxxxxxxxxx with 'unsubscribe isn'
in the BODY of the mail.