North American Network Operators Group

Re: How to secure the Internet in three easy steps

  • From: Joseph Barnhart
  • Date: Sun Oct 27 20:50:15 2002

Not really

On Sun, 27 Oct 2002, Matthew S. Hallacy wrote:

> 
> On Sun, Oct 27, 2002 at 02:35:23PM -0500, Eric M. Carroll wrote:
> > 
> > Sean,
> > 
> > At Home's policy was that servers were administratively forbidden. It
> > ran proactive port scans to detect them (which of course were subject to
> > firewall ACLs) and actioned them under a complex and changing rule set.
> > It frequently left enforcement to the local partner depending on
> > contractual arrangements. It did not block ports. Non-transparent
> > proxying was used for http - you could opt out if you knew how.
> > 
> > While many DSL providers have taken up filtering port 25, the cable
> > industry practice is mostly to leave ports alone. I know of one large
> 
> Untrue, AT&T filters the following *on* the CPE:
> 
> Ports  / Direction / Protocol
> 
> 137-139 -> any Both UDP
> any -> 137-139 Both UDP
> 137-139 -> any Both TCP
> any -> 137-139 Both TCP
> any -> 1080 Inbound TCP
> any -> 1080 Inbound UDP
> 68 -> 67    Inbound UDP
> 67 -> 68    Inbound UDP
> any -> 5000 Inbound TCP
> any -> 1243 Inbound UDP
> 
> And they block port 80 inbound TCP further out in their network. Overall,
> cable providers more heavily than cable providers.
> 
> I'd say that AT&T represents a fair amount of the people served via cable
> internet.
> 
> > 
> > Regards,
> > 
> > Eric Carroll
> 
> -- 
> Matthew S. Hallacy                            FUBAR, LART, BOFH Certified
> http://www.poptix.net                           GPG public key 0x01938203
> 



-------------------------
Joseph Barnhart
Florida Digital Turnpike
Network Administrator
http://www.fdt.net
http://www.agilitybb.net
-------------------------
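
Added example (not part of the original thread and not AT&T's configuration): the CPE filter list quoted above, parsed into rules and checked against a few constructed packets. The function names, the first-match evaluation and the treatment of the Direction column as a plain label compared with the packet's direction are assumptions; the post does not define them.

```python
# Rule text copied from the quoted list; everything else is illustrative.
RULES_TEXT = """\
137-139 -> any Both UDP
any -> 137-139 Both UDP
137-139 -> any Both TCP
any -> 137-139 Both TCP
any -> 1080 Inbound TCP
any -> 1080 Inbound UDP
68 -> 67    Inbound UDP
67 -> 68    Inbound UDP
any -> 5000 Inbound TCP
any -> 1243 Inbound UDP
"""

def parse_ports(spec):
    """Turn 'any', '68' or '137-139' into an inclusive (low, high) range."""
    if spec == "any":
        return (0, 65535)
    low, _, high = spec.partition("-")
    return (int(low), int(high or low))

def parse_rules(text):
    """Parse 'SRC -> DST DIRECTION PROTOCOL' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[1] != "->":
            continue  # skip blank or malformed lines
        src, _, dst, direction, proto = fields
        rules.append((parse_ports(src), parse_ports(dst), direction, proto))
    return rules

def first_match(rules, sport, dport, direction, proto):
    """Return the index of the first rule that filters the packet, or None."""
    for i, (src, dst, rule_dir, rule_proto) in enumerate(rules):
        if (rule_proto == proto
                and rule_dir in ("Both", direction)
                and src[0] <= sport <= src[1]
                and dst[0] <= dport <= dst[1]):
            return i
    return None

RULES = parse_rules(RULES_TEXT)

if __name__ == "__main__":
    # Constructed packets: (source port, destination port, direction, protocol)
    for pkt in [(40000, 139, "Outbound", "TCP"), (67, 68, "Inbound", "UDP"),
                (40000, 80, "Inbound", "TCP"), (40000, 1080, "Outbound", "TCP")]:
        print(pkt, "->", first_match(RULES, *pkt))
```

Inbound TCP to port 80 matches none of these rules, which agrees with the quoted statement that port 80 is blocked further out in the network rather than on the CPE.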