[Dshield] DCOM morning after

Bjorn Stromberg bjorn at thechemistrylab.com
Tue Aug 12 22:31:30 GMT 2003

As of 11am yesterday morning my ISP blocked all port 135 traffic. I'm not
sure what other ports they blocked. I got exactly 2 scans of MSBlast on my
netblock (n.n.x.x) before it was cut off. I like to think that while my ISP
may have saved a lot of people a lot of headaches... they may have blocked a
lot of legitimate traffic.

I'd rather have a benign worm force a lot of people to patch their machines
and make them aware of the dangers of having an open machine on the internet
than have my ISP blocking arbitrary ports.

There are implicit dangers for you when you place your machine on the
internet. You are responsible for your own machine at home and part of that
responsibility is maintaining your machine.

When a corporation is taken offline by a worm that should never have
affected them (blocking port 135 will absolutely stop this worm) that
corporation should fire and take legal action against the incompetent IT
groups for allowing that loss of revenue. There was adequate warning and a
simple solution. I'm sorry, but if you cannot block a single port for your
organization *shakes his head*

Those of you saying it's the ISP's responsibility, what are you going to say
when the ISPs close everything off? When your ports start getting auctioned off
like the FCC did with frequency ranges? When port 134 belongs to Viacom,
port 81 belongs to Vivendi, and port 65 belongs to Ford Motor Company, how
are you going to get your business done?

I want my ISPs to be common carriers, I want them to enforce their
acceptable use policies and kick abusive users off their network. I want to
be free to use my network connection in any non-abusive way that I wish
without fear of my ISP, the government, a marketing company, etc. monitoring
what I do with my non-abusive internet use.

Bjorn Stromberg
Mid-Continent Testing Laboratories, Inc.
