nanog mailing list archives
Re: How to secure the Internet in three easy steps
From: "Matthew S. Hallacy" <poptix () techmonkeys org>
Date: Sun, 27 Oct 2002 19:42:10 -0600
On Sun, Oct 27, 2002 at 02:35:23PM -0500, Eric M. Carroll wrote:
Sean, At Home's policy was that servers were administratively forbidden. It ran proactive port scans to detect them (which of course were subject to firewall ACLs) and actioned them under a complex and changing rule set. It frequently left enforcement to the local partner depending on contractual arrangements. It did not block ports. Non-transparent proxing was used for http - you could opt out if you knew how. While many DSL providers have taken up filtering port 25, the cable industry practice is mostly to leave ports alone. I know of one large
Untrue, AT&T filters the following *on* the CPE: Ports / Direction / Protocol 137-139 -> any Both UDP any -> 137-139 Both UDP 137-139 -> any Both TCP any -> 137-139 Both TCP any -> 1080 Inbound TCP any -> 1080 Inbound UDP 68 -> 67 Inbound UDP 67 -> 68 Inbound UDP any -> 5000 Inbound TCP any -> 1243 Inbound UDP And they block port 80 inbound TCP further out in their network. Overall, cable providers more heavily than cable providers. I'd say that AT&T represents a fair amount of the people served via cable internet.
Regards, Eric Carroll
-- Matthew S. Hallacy FUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203
Current thread:
- Re: How to secure the Internet in three easy steps, (continued)
- Re: How to secure the Internet in three easy steps Scott Granados (Oct 25)
- Re: How to secure the Internet in three easy steps batz (Oct 25)
- Re: How to secure the Internet in three easy steps Paul Vixie (Oct 25)
- Re: How to secure the Internet in three easy steps Sean Donelan (Oct 26)
- Odd behavior Joe (Oct 26)
- Re: Odd behavior Allan Liska (Oct 26)
- Re: Odd behavior Joe (Oct 26)
- Re: Odd behavior Scott Granados (Oct 27)
- Re: How to secure the Internet in three easy steps Paul Vixie (Oct 26)
- RE: How to secure the Internet in three easy steps Eric M. Carroll (Oct 27)
- Re: How to secure the Internet in three easy steps Matthew S. Hallacy (Oct 27)
- Re: How to secure the Internet in three easy steps Joseph Barnhart (Oct 27)
- Re: How to secure the Internet in three easy steps William Warren (Oct 27)
- Re: How to secure the Internet in three easy steps Christopher Schulte (Oct 27)
- RE: How to secure the Internet in three easy steps Vivien M. (Oct 27)
- RE: How to secure the Internet in three easy steps alex (Oct 28)
- RE: How to secure the Internet in three easy steps Scott Granados (Oct 28)
- Re: How to secure the Internet in three easy steps Valdis . Kletnieks (Oct 28)
- Re: How to secure the Internet in three easy steps Joe (Oct 27)
- Re: How to secure the Internet in three easy steps dgold (Oct 29)
- Re: How to secure the Internet in three easy steps Matthew S. Hallacy (Oct 27)