|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: How to secure the Internet in three easy steps
On Sun, Oct 27, 2002 at 02:35:23PM -0500, Eric M. Carroll wrote: > > Sean, > > At Home's policy was that servers were administratively forbidden. It > ran proactive port scans to detect them (which of course were subject to > firewall ACLs) and actioned them under a complex and changing rule set. > It frequently left enforcement to the local partner depending on > contractual arrangements. It did not block ports. Non-transparent > proxing was used for http - you could opt out if you knew how. > > While many DSL providers have taken up filtering port 25, the cable > industry practice is mostly to leave ports alone. I know of one large Untrue, AT&T filters the following *on* the CPE: Ports / Direction / Protocol 137-139 -> any Both UDP any -> 137-139 Both UDP 137-139 -> any Both TCP any -> 137-139 Both TCP any -> 1080 Inbound TCP any -> 1080 Inbound UDP 68 -> 67 Inbound UDP 67 -> 68 Inbound UDP any -> 5000 Inbound TCP any -> 1243 Inbound UDP And they block port 80 inbound TCP further out in their network. Overall, cable providers more heavily than cable providers. I'd say that AT&T represents a fair amount of the people served via cable internet. > > Regards, > > Eric Carroll -- Matthew S. Hallacy FUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203
|