North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Providers removing blocks on port 135?

  • From: Ray Bellis
  • Date: Sat Sep 20 18:26:31 2003

> However, I'm not convinced blocking port 25 on
> dialups helps much with that.  What it does
> help with is preventing them from connecting to
> open relays.

We don't stop our dial customers from getting *to* anything.

What we do have though are (optional) *inbound* filters that make sure
no-one can connect to their privileged ports over TCP/IP, and a mandatory
filter that says only our network can deliver to their SMTP service.

We don't get problems with open-relays on dialups.  We didn't have any
problems with MS-Blaster on dialups either...

I'm considering adding privileged port filters for UDP/IP too, although
again it would be optional so that customers who run their own UDP/IP
services can get their responses (i.e. cacheing DNS, IKE, NTP, etc).

Ray