[ISN] ISPs Could Block Ports to Reduce Spread of Malware

From: InfoSec News (isnat_private)
Date: Wed Sep 10 2003 - 23:03:28 PDT

    Forwarded from: Mark Bernard <mbernardat_private>
    Dear Associates,
    I do not agree with this recommendation for two reasons, see below:
    First off, what about all the legitimate uses for these ports? This
    strategy would in fact reduce and/or eliminate the functionality of
    thousands of computers around the world. Functionality that has
    already been sold and paid for.
    Secondly, this strategy in fact removes accountability from where it
    belongs, the computer user. It is reminiscent of the early dark-days
    of the Internet when the law makers didn't know how to assess damages
    caused through Internet connections so they made ISPs accountable.
    That was a desperate maneuver that failed!
    I think the people at SANS who came up with this recommendation had
    better check 'the-old-wet-ware' because I think that it's been
    infected by a Federal strength virus....
    I believe that a more acceptable approach would be to establish
    national information security standards the manufacturers must adhere
    to when selling hardware. This approach would keep the accountability
    with the client unless of course the manufacturer didn't follow the
    standards then they would be held accountable to some extent.
     --ISPs Could Block Ports to Reduce Spread of Malware (8 September 2003)
    A report written by Johannes Ullrich, SANS Internet Storm Center CTO,
    proposes that Internet service providers (ISPs) block access to
    "commonly exploited" communications ports on customers' computers.
    While it would not prevent all Internet threats, it could address a
    bulk of the problems.  The four ports, 135, 137, 139 and 445, are not
    necessary for most Internet use.  The proposal is aimed at ISPs that
    serve individual customers and universities, not those that serve
    corporate customers.
    [Editor's Note (Ranum): It's good that we are finally reinventing
    "default deny"! Historically, though, this has been countered by
    unsupported claims of reduced performance due to router filtering
    Mark E. S. Bernard, CISM,
    Apollo Computer Consultants Inc.
    email: Mark.Bernard.CISM@apollo-cc.com
    Web site: www.apollo-cc.com
    Phone: (506) 375-6368

    This archive was generated by hypermail 2b30 : Thu Sep 11 2003 - 01:18:14 PDT