ISP Issues From Nachi / MSBlaster.D?
Results 1 to 7 of 7

Thread: ISP Issues From Nachi / MSBlaster.D?

  1. #1
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830

    ISP Issues From Nachi / MSBlaster.D?

    My ISP has been experiencing slow and intermittent connectivity for the past day or so as a result of the Nachi / MSBlaster.d worm and its ICMP traffic flooding.

    My question is this- has your ISP had issues?

    I don't want to name my ISP because I don't want to bias anyone, but it seems to me that with a month of notice and with everyone knowing that the worm was only a matter of time that they could have prepared better.

    ISP's know that the majority of their customer base uses some flavor of Windows and that all versions of Windows are vulnerable and that most home users are too ignorant or lazy to patch. Knowing that, it seems like the logical thing to do would have been to block traffic on ports 135, 139 and 445. Once MSBlaster came out they could have also started blocking port 4444 traffic.

    I can't think of any reason why the Netbios ports need to be open between me and other customers of my ISP or what harm could come from blocking them, but maybe I'm not thinking big enough.

    So, bottom line- did your ISP have any issues? Did your ISP take proactive measures to prevent issues? Can you think of anything that ISP's could or should do to help protect their networks and their customers from being impacted by those who don't patch and protect their systems?

  2. #2
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658
    Don't feel like the Lone Ranger, Tonto.....I've had similar issues although things have gotten better here over the past 24 hours. However, when I got back in town Saturday evening it was almost as if the interrnet had ceased to exist. And yes, one would think that with so much advance notice that "professionals" (I'm using that word lightly) like the ones who run my ISP would be better prepared.
    Al
    It isn't paranoia when you KNOW they're out to get you...

  3. #3
    Member GandalfTheGray's Avatar
    Join Date
    Jan 2003
    Posts
    96
    I did notice a distinct slowing of access and, as far as I can tell by monitoring firewall logs, our ISP has done nothing to block attacked ports.

  4. #4
    Senior Member
    Join Date
    Jul 2002
    Posts
    315
    There is a distinct slowing on my side as well and it's still a bit slow. The situation has not been rectified and the way things are going it doesn't look like it would be anytime soon. I just think they could have been a little more prepared as well.

    Guidance....
    - The mind is too beautiful to waste...
    Cutty


  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    My ISP actually sent out warnings about it before it hit. How's that for service? Anyway, no slowdown or failure of service. Now, this is the *only* time they have sent a notice like this so this may have been a one trick pony.

    The ISP at my facility on the other hand, had a performance hit that degraded our throughput to about half of its normal speed. This wasn't constant though. It varied hour-by-hour.

    Tony,

    Filtering NetBIOS traffic takes a tremedous amount of resources. Many ISPs don't filter anything because of the amount of traffic that would have to be analyzed. This is most likely the reason why your ISP doesn't filter that traffic. I know for a fact that my ISP doesn't but they had enough sense to make their users aware and that seemed to be the right move - this time.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Maybe we just need someone standing by 24/7 to hit the BIG RED BUTTON ?

  7. #7
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    LOL.

    No We must secure the big red button so noone ever presses it.

    I guess I've been the lucky one. I haven't been having any problems with my speed. Its staying constant at 512K.
    =

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides