[Dshield] mail1.giac.net spamcop listed]

Chris Brenton cbrenton at chrisbrenton.org
Mon Dec 15 23:02:01 GMT 2003


On Mon, 2003-12-15 at 16:36, David Hart wrote:
>
> Certainly not. I have most of Asia whacked.

I totally agree. The way I explain it in SANS T2 is this:
You have a number of internal systems that have NetBIOS/IP, SMB/IP, FTP,
etc. etc. open. Since your company has chosen not to do business with
those services over the Internet, they have also chosen not to assume
the risk of exposing those ports to the Internet. Thus a firewall gets
installed to block access to these ports.

Blocking subnets is the same line of thought. If you are not doing
business with countries in RIPE or APNIC blocks, why expose yourself to
the risk of attack from those subnets?

>  However, that's a decision
> made for my small firm. Verizon (our ISP) has no right to to make those
> assumptions for their customer base.

Agreed. In fact I would extend that into the port realm as well. An ISP
that blocks ICMP, NetBIOS, etc. _without_ a written agreement with their
clients is doing them a dis-service. IMHO someone needs to get sued over
it before things get better.

C







More information about the list mailing list