[olug] Cox and Web Servers

David Walker linux_user at grax.com
Thu Oct 10 16:41:04 UTC 2002


Scanning IP blocks for port 80 takes a very long time and eats much less 
bandwidth if all Port 80s are blocked.

Scanning a blocked port involves sending 1 to 5 packets and waiting to see if 
there is a response.  This waiting is costly.

Scanning a bunch of machines for open or closed (i.e. no server is running) 
ports goes very quickly and generates more traffic because as soon as the worm 
finds an open port 80 it tries to upload itself (traffic) and if successful 
the worm starts generating its own traffic (tons more traffic).

"Blocking the ports does not prevent people from running web servers,
which means that blocking ports has done nothing (or at least very little)
in the way of protecting Cox from such situations."
If people are running their web servers on whatever random port they selected 
then a lot has happened in the way of protecting users and Cox.  A worm 
cannot spread too well if it has to scan 65536 ports per machine to find a 
web server instead of just the one port.

On Thursday 10 October 2002 11:01 am, (Via wrote:
> Yes but they are going to scan the IP blocks whether they are open or not.
> It's just a bonus if they find an IP with port 80 open.
>
> Trent
>
> -----Original Message-----
> From: olug-admin at olug.org [mailto:olug-admin at olug.org]On Behalf Of Eric
> Johnson
> Sent: Thursday, October 10, 2002 9:46 AM
> To: olug at olug.org
> Subject: Re: [olug] Cox and Web Servers
>
>
> ---- everything preceding snipped again ----
>
> To those who say there's no reason to filter port 80:
>
> Do you remember the weeks when NIMDA and Code Red first came out? Until
> they filtered port 80, it was impossible to make any connections because
> the cable modems reset from overload every 2 or 3 minutes.
>
> This was not because people on the network were all running servers; it
> was because people off (and on) the network were scanning every IP address
> looking for open port 80s. I cannot think of another way to prevent that
> situation than to block inbound port 80.
>
> -- Eric Johnson
>
> -------------------------------------------------
> A specification that will not fit on one
>     page of 8.5 x 11 inch paper cannot be
>     understood.
>
>     -- Mark Ardis
>
>    /*\              ASCII RIBBON CAMPAIGN
>    \ /              - AGAINST HTML EMAIL
>     X               - AGAINST MS ATTACHMENTS
>    / \
> ------------------------------------------------
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>
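
As an added example (not from anyone in this thread), the port-80 sweeps Eric describes can be picked out of a firewall log by counting, per source address, how many distinct hosts it sends SYNs to on port 80 inside a short window. The log layout, addresses and thresholds below are constructed assumptions, loosely modelled on iptables LOG output.

```python
from collections import defaultdict

# Constructed sample: one source probing five addresses for port 80 within
# seconds, one ordinary client reconnecting to a single web server, one port-22 probe.
SAMPLE_LOG = """\
1034264460 IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=3021 DPT=80 SYN URGP=0
1034264461 IN=eth0 SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP SPT=3022 DPT=80 SYN URGP=0
1034264461 IN=eth0 SRC=198.51.100.7 DST=192.0.2.12 PROTO=TCP SPT=3023 DPT=80 SYN URGP=0
1034264462 IN=eth0 SRC=198.51.100.7 DST=192.0.2.13 PROTO=TCP SPT=3024 DPT=80 SYN URGP=0
1034264463 IN=eth0 SRC=198.51.100.7 DST=192.0.2.14 PROTO=TCP SPT=3025 DPT=80 SYN URGP=0
1034264460 IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=1100 DPT=80 SYN URGP=0
1034264470 IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=1101 DPT=80 SYN URGP=0
1034264465 IN=eth0 SRC=198.51.100.9 DST=192.0.2.20 PROTO=TCP SPT=4000 DPT=22 SYN URGP=0
"""

def parse_line(line):
    """Split a line into key=value fields plus bare flag tokens (e.g. SYN)."""
    fields, flags = {}, set()
    for tok in line.split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            fields[key] = val
        else:
            flags.add(tok)
    fields["ts"] = int(line.split()[0])  # leading epoch timestamp (assumed layout)
    return fields, flags

def find_sweeps(log_text, port="80", min_targets=5, window=60):
    """Return {src: distinct targets} for sources that SYN to `port` on at
    least `min_targets` distinct hosts within some `window`-second span."""
    hits = defaultdict(list)
    for line in log_text.strip().splitlines():
        f, flags = parse_line(line)
        if f.get("PROTO") != "TCP" or f.get("DPT") != port or "SYN" not in flags:
            continue
        hits[f["SRC"]].append((f["ts"], f["DST"]))
    sweeps = {}
    for src, events in hits.items():
        events.sort()
        lo, best = 0, 0
        for hi in range(len(events)):
            while events[hi][0] - events[lo][0] > window:  # slide window start
                lo += 1
            best = max(best, len({dst for _, dst in events[lo:hi + 1]}))
        if best >= min_targets:
            sweeps[src] = best
    return sweeps

if __name__ == "__main__":
    print(find_sweeps(SAMPLE_LOG))  # {'198.51.100.7': 5}
```

A client that reconnects to one server many times never raises the distinct-target count, which is what separates a sweep from ordinary browsing in this model.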
