nanog mailing list archives
Re: What do you want your ISP to block today?
From: Vinny Abello <vinny () tellurian com>
Date: Wed, 03 Sep 2003 15:05:14 -0400
At 02:51 PM 9/3/2003, Sean Donelan wrote:
On Wed, 3 Sep 2003, Johannes Ullrich wrote:
> I just summarized my thoughts on this topic here:
> http://www.sans.org/rr/special/isp_blocking.php
>
> Overall: I think there are some ports (135, 137, 139, 445),
> a consumer ISP should block as close to the customer as
> they can.

If ISPs had blocked port 119, Sobig could not have been distributed via USENET.

Perhaps unbelievably to people on this mailing list, many people legitimately use 135, 137, 139 and 445 over the open Internet every day. Which protocols do you think are used more on today's Internet? SSH or NETBIOS?

Some businesses have created an entire industry of outsourcing Exchange service which need all their customers to be able to use those ports.

http://www.mailstreet.net/MS/urgent.asp
http://dmoz.org/Computers/Software/Groupware/Microsoft_Exchange/

If done properly, those ports are no more or less "dangerous" than any other 16-bit port number used for TCP or UDP protocol headers.

But we need to be careful not to make the mistake that just because we don't use those ports that the protocols aren't useful to other people.
Even on Windows they can be used in a much safer fashion (although I would never attempt it for any of my stuff). It is possible to use IPSec policies on 2000 and higher to encrypt all traffic on specified ports to specified hosts/networks and block all other traffic. I bet some people are using this to join remote locations securely to each other for Windows networking with these ports and IPSec policies.
Vinny Abello
Network Engineer
Server Management
vinny () tellurian com
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN

There are 10 kinds of people in the world. Those who understand binary and those that don't.