Re: How to secure the Internet in three easy steps

• From: William Warren
• Date: Sun Oct 27 21:05:40 2002

Not really

On Sun, 27 Oct 2002, Matthew S. Hallacy wrote:

On Sun, Oct 27, 2002 at 02:35:23PM -0500, Eric M. Carroll wrote:

Sean,

At Home's policy was that servers were administratively forbidden. It
ran proactive port scans to detect them (which of course were subject to
firewall ACLs) and actioned them under a complex and changing rule set.
It frequently left enforcement to the local partner depending on
contractual arrangements. It did not block ports. Non-transparent
proxing was used for http - you could opt out if you knew how.
While many DSL providers have taken up filtering port 25, the cable
industry practice is mostly to leave ports alone. I know of one large

Untrue, AT&T filters the following *on* the CPE:

Ports  / Direction / Protocol

137-139 -> any Both UDP
any -> 137-139 Both UDP
137-139 -> any Both TCP
any -> 137-139 Both TCP
any -> 1080 Inbound TCP
any -> 1080 Inbound UDP
68 -> 67    Inbound UDP
67 -> 68    Inbound UDP
any -> 5000 Inbound TCP
any -> 1243 Inbound UDP

And they block port 80 inbound TCP further out in their network. Overall,
cable providers more heavily than cable providers.

I'd say that AT&T represents a fair amount of the people served via cable
internet.

Regards,

Eric Carroll

--
Matthew S. Hallacy                            FUBAR, LART, BOFH Certified
http://www.poptix.net                           GPG public key 0x01938203

-------------------------
Joseph Barnhart
Florida Digital Turnpike
Network Administrator
http://www.fdt.net
http://www.agilitybb.net
-------------------------

• Follow-Ups:
  • Re: How to secure the Internet in three easy steps Christopher Schulte

• References:
  • Re: How to secure the Internet in three easy steps Joseph Barnhart

• Prev by Date: Re: How to secure the Internet in three easy steps
• Next by Date: Re: How to secure the Internet in three easy steps
• Date Index
• Thread Index
• Author Index
• Historical