August 19th, 2003, 02:29 PM
ISP Issues From Nachi / MSBlaster.D?
My ISP has been experiencing slow and intermittent connectivity for the past day or so as a result of the Nachi / MSBlaster.d worm and its ICMP traffic flooding.
My question is this- has your ISP had issues?
I don't want to name my ISP because I don't want to bias anyone, but it seems to me that with a month of notice and with everyone knowing that the worm was only a matter of time that they could have prepared better.
ISP's know that the majority of their customer base uses some flavor of Windows and that all versions of Windows are vulnerable and that most home users are too ignorant or lazy to patch. Knowing that, it seems like the logical thing to do would have been to block traffic on ports 135, 139 and 445. Once MSBlaster came out they could have also started blocking port 4444 traffic.
I can't think of any reason why the Netbios ports need to be open between me and other customers of my ISP or what harm could come from blocking them, but maybe I'm not thinking big enough.
So, bottom line- did your ISP have any issues? Did your ISP take proactive measures to prevent issues? Can you think of anything that ISP's could or should do to help protect their networks and their customers from being impacted by those who don't patch and protect their systems?