North American Network Operators Group


Re: What do you want your ISP to block today?

  • From: William Devine, II
  • Date: Wed Sep 03 15:34:52 2003

I would think that any company that outsourced exchange services to another
entity would want either a VPN between their two offices or a direct PtP
link.
But I also know that the most logical method is not always understandable to
the pointy-haired people.

william

----- Original Message ----- 
From: "Sean Donelan" <[email protected]>
To: "Johannes Ullrich" <[email protected]>
Cc: <[email protected]>
Sent: Wednesday, September 03, 2003 1:51 PM
Subject: Re: What do you want your ISP to block today?


>
> On Wed, 3 Sep 2003, Johannes Ullrich wrote:
> > I just summarized my thoughts on this topic here:
> > http://www.sans.org/rr/special/isp_blocking.php
> >
> > Overall: I think there are some ports (135, 137, 139, 445)
> > a consumer ISP should block as close to the customer as
> > they can.
>
> If ISPs had blocked port 119, Sobig could not have been distributed
> via USENET.
>
>
> Perhaps unbelievably to people on this mailing list, many people
> legitimately use 135, 137, 139 and 445 over the open Internet
> every day. Which protocols do you think are used more on today's
> Internet?  SSH or NETBIOS?
>
> Some businesses have created an entire industry of outsourcing Exchange
> service which needs all their customers to be able to use those ports.
>
> http://www.mailstreet.net/MS/urgent.asp
>
> http://dmoz.org/Computers/Software/Groupware/Microsoft_Exchange/
>
> If done properly, those ports are no more or less "dangerous" than
> any other 16-bit port number used for TCP or UDP protocol headers.
>
>
> But we need to be careful not to make the mistake that just because
> we don't use those ports that the protocols aren't useful to other
> people.
>
>
>