[Dshield] paper about port blocking

Richard Roy RoyR at justicetrax.com
Wed Sep 3 21:56:49 GMT 2003

Now there's a bright idea.  Problem is the "cost" associated with these
worms and the support problems are fictitious estimates.  No one really
has any idea what the cost of support was during that time frame that
can actually be correctly or even directly attributed to the worm, vs.
inexperienced user, vs. bad admin, etc.  At the very least the ISPs, if
they are not port filtering or blocking, should be more proactive in
their identification and disconnection of infected users.  Well
positioned IDSs and sniffers that are in use and monitored, etc. should
be able to do the trick for most ISPs.  We pay for uptime and
bandwidth, if they want to sell to home users (and most do by the way)
then protect my investment in your services, that's called customer
service.  I do my part, in the office and at home with the right
equipment and software.  I expect my provider(s) to do the same.

-----Original Message-----
From: Jonathan Rickman [mailto:jonathan at xcorps.net] 
Sent: Wednesday, September 03, 2003 2:33 PM
To: General DShield Discussion List
Subject: Re: [Dshield] paper about port blocking

On Wednesday 03 September 2003 16:52, Darren Gasser wrote:

> Most importantly, if you believe port blocking is inherently wrong, 
> what alternative do you propose for controlling the spread of worms, 
> spam, and other traffic that is crippling large parts of the Internet?

Filtering at the edge works just as well for consumers as it does for
enterprises. Broadband ISPs should ship devices that support at least
form of static packet filtering, and have it locked down by default.
users could access the device and open what they need, and less savvy
will be protected by default. Obviously some tweaking of the default
will be needed to support online gaming and the like, but ISPs could
the costs over time due to the reduced time spent playing whack-a-mole
infections. It wouldn't break my heart if in the event of malicious
being detected originating from the customer, the device re-directed the
customer traffic destined for port 80 to an "attention getter" page that
either reiterated the terms of the AUP, or had instructions for cleaning
the worm of the month.

Jonathan Rickman
X Corps Security
