How to secure the Internet in three easy steps

Joe joej at rocknyou.com
Mon Oct 28 02:14:33 UTC 2002


I second that.

AT&T blocks ports (depending where you are) but won't come
right out and say it. On a call to them over a year ago
while testing DSL versus Cable in San Jose, it took almost an hour to get
them to admit that they were blocking ports 137-139, and even then there
was no formal acknowledgement of this blocking.
If I was a betting man, which I'm not, I'd bet on them blocking udp 53 as
well.

No standard as I see it, depends on the child company managing the cable
service.

Just my 2¢s tho
-Joe

----- Original Message -----
From: "Joseph Barnhart" <flaboy at fdt.net>
To: "Matthew S. Hallacy" <poptix at techmonkeys.org>
Cc: <nanog at merit.edu>
Sent: Sunday, October 27, 2002 8:46 PM
Subject: Re: How to secure the Internet in three easy steps


>
> Not really
>
> On Sun, 27 Oct 2002, Matthew S. Hallacy wrote:
>
> >
> > On Sun, Oct 27, 2002 at 02:35:23PM -0500, Eric M. Carroll wrote:
> > >
> > > Sean,
> > >
> > > At Home's policy was that servers were administratively forbidden. It
> > > ran proactive port scans to detect them (which of course were subject to
> > > firewall ACLs) and actioned them under a complex and changing rule set.
> > > It frequently left enforcement to the local partner depending on
> > > contractual arrangements. It did not block ports. Non-transparent
> > > proxying was used for http - you could opt out if you knew how.
> > >
> > > While many DSL providers have taken up filtering port 25, the cable
> > > industry practice is mostly to leave ports alone. I know of one large
> >
> > Untrue, AT&T filters the following *on* the CPE:
> >
> > Ports  / Direction / Protocol
> >
> > 137-139 -> any Both UDP
> > any -> 137-139 Both UDP
> > 137-139 -> any Both TCP
> > any -> 137-139 Both TCP
> > any -> 1080 Inbound TCP
> > any -> 1080 Inbound UDP
> > 68 -> 67    Inbound UDP
> > 67 -> 68    Inbound UDP
> > any -> 5000 Inbound TCP
> > any -> 1243 Inbound UDP
> >
> > And they block port 80 inbound TCP further out in their network. Overall,
> > cable providers more heavily than cable providers.
> >
> > I'd say that AT&T represents a fair amount of the people served via cable
> > internet.
> >
> > >
> > > Regards,
> > >
> > > Eric Carroll
> >
> > --
> > Matthew S. Hallacy                            FUBAR, LART, BOFH Certified
> > http://www.poptix.net                           GPG public key 0x01938203
> >
>
>
>
> -------------------------
> Joseph Barnhart
> Florida Digital Turnpike
> Network Administrator
> http://www.fdt.net
> http://www.agilitybb.net
> -------------------------
>
>
>
>
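
The CPE filter list quoted in the message above, parsed and applied to sample flows; this is an added example, not part of the original thread. Reading each row as source port -> destination port, direction, protocol is an assumption, and the names `parse_rules` and `matching_rule` are hypothetical.

```python
import re
from collections import namedtuple

# Filter rows copied from the quoted message. Assumed column meaning:
# source port -> destination port, direction, protocol.
FILTER_TABLE = """\
137-139 -> any Both UDP
any -> 137-139 Both UDP
137-139 -> any Both TCP
any -> 137-139 Both TCP
any -> 1080 Inbound TCP
any -> 1080 Inbound UDP
68 -> 67    Inbound UDP
67 -> 68    Inbound UDP
any -> 5000 Inbound TCP
any -> 1243 Inbound UDP
"""

Rule = namedtuple("Rule", "src dst direction proto")
LINE = re.compile(r"^(\S+)\s*->\s*(\S+)\s+(Both|Inbound|Outbound)\s+(TCP|UDP)$")

def parse_ports(spec):
    if spec == "any":
        return range(0, 65536)
    lo, _, hi = spec.partition("-")      # "137-139" or a single port "1080"
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return range(lo, hi + 1)

def parse_rules(text):
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE.match(line)
        if m is None:                    # fail loudly on a row we cannot read
            raise ValueError(f"unrecognised rule: {line!r}")
        src, dst, direction, proto = m.groups()
        rules.append(Rule(parse_ports(src), parse_ports(dst), direction, proto))
    return rules

def matching_rule(rules, src_port, dst_port, direction, proto):
    """Return the first rule that filters this flow, or None if none applies."""
    for r in rules:
        if (r.proto == proto and r.direction in ("Both", direction)
                and src_port in r.src and dst_port in r.dst):
            return r
    return None

RULES = parse_rules(FILTER_TABLE)
```

Inbound TCP to port 80 matches no row here, which agrees with the quoted statement that port 80 is blocked further out in the network rather than on the CPE.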
