North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: How to secure the Internet in three easy steps
I Second that. AT&T blocks ports (depending where you are) but won't come right out and say it. On a call to them over a year ago while testing DSL versus Cable in San Jose, it took almost an hour to get them to admit that they were blocking ports 137-139, and even then there was no formal acknowledgement of this blocking. If I was a betting man, which I'm not, I'd bet on them blocking udp 53 as well. No standard as I see it, depends on the child company managing the cable service. Just my 2�s tho -Joe ----- Original Message ----- From: "Joseph Barnhart" <[email protected]> To: "Matthew S. Hallacy" <[email protected]> Cc: <[email protected]> Sent: Sunday, October 27, 2002 8:46 PM Subject: Re: How to secure the Internet in three easy steps > > Not really > > On Sun, 27 Oct 2002, Matthew S. Hallacy wrote: > > > > > On Sun, Oct 27, 2002 at 02:35:23PM -0500, Eric M. Carroll wrote: > > > > > > Sean, > > > > > > At Home's policy was that servers were administratively forbidden. It > > > ran proactive port scans to detect them (which of course were subject to > > > firewall ACLs) and actioned them under a complex and changing rule set. > > > It frequently left enforcement to the local partner depending on > > > contractual arrangements. It did not block ports. Non-transparent > > > proxing was used for http - you could opt out if you knew how. > > > > > > While many DSL providers have taken up filtering port 25, the cable > > > industry practice is mostly to leave ports alone. I know of one large > > > > Untrue, AT&T filters the following *on* the CPE: > > > > Ports / Direction / Protocol > > > > 137-139 -> any Both UDP > > any -> 137-139 Both UDP > > 137-139 -> any Both TCP > > any -> 137-139 Both TCP > > any -> 1080 Inbound TCP > > any -> 1080 Inbound UDP > > 68 -> 67 Inbound UDP > > 67 -> 68 Inbound UDP > > any -> 5000 Inbound TCP > > any -> 1243 Inbound UDP > > > > And they block port 80 inbound TCP further out in their network. Overall, > > cable providers more heavily than cable providers. > > > > I'd say that AT&T represents a fair amount of the people served via cable > > internet. > > > > > > > > Regards, > > > > > > Eric Carroll > > > > -- > > Matthew S. Hallacy FUBAR, LART, BOFH Certified > > http://www.poptix.net GPG public key 0x01938203 > > > > > > ------------------------- > Joseph Barnhart > Florida Digital Turnpike > Network Administrator > http://www.fdt.net > http://www.agilitybb.net > ------------------------- > > > >
|