North American Network Operators Group

Re: What do you want your ISP to block today?
I would think that any company that outsourced exchange services to another entity would want either a VPN between their two offices or a direct PtP link. But I also know that the most logical method is not always understandable to the pointy-haired people.

william

----- Original Message -----
From: "Sean Donelan" <[email protected]>
To: "Johannes Ullrich" <[email protected]>
Cc: <[email protected]>
Sent: Wednesday, September 03, 2003 1:51 PM
Subject: Re: What do you want your ISP to block today?

>
> On Wed, 3 Sep 2003, Johannes Ullrich wrote:
> > I just summarized my thoughts on this topic here:
> > http://www.sans.org/rr/special/isp_blocking.php
> >
> > Overall: I think there are some ports (135, 137, 139, 445),
> > a consumer ISP should block as close to the customer as
> > they can.
>
> If ISPs had blocked port 119, Sobig could not have been distributed
> via USENET.
>
>
> Perhaps unbelievably to people on this mailing list, many people
> legitimately use 135, 137, 139 and 445 over the open Internet
> every day. Which protocols do you think are used more on today's
> Internet? SSH or NETBIOS?
>
> Some businesses have created an entire industry of outsourcing Exchange
> services which need all their customers to be able to use those ports.
>
> http://www.mailstreet.net/MS/urgent.asp
>
> http://dmoz.org/Computers/Software/Groupware/Microsoft_Exchange/
>
> If done properly, those ports are no more or less "dangerous" than
> any other 16-bit port number used for TCP or UDP protocol headers.
>
>
> But we need to be careful not to make the mistake that just because
> we don't use those ports that the protocols aren't useful to other
> people.