Blocking port 135?

Jack Bates jbates at brightok.net
Sat Aug 2 13:09:47 UTC 2003


Mans Nilsson wrote:
> * If you block and interfere, you are responsible for what your 
>   customer does. You Do Not Want That. 

Depends on why you block and interfere. Intention plays a large part 
according to law. In this case, it's to protect the network 
infrastructure from a high probability outage and overall security of 
the customer's box is inconsequential. Some other things following this 
intent: filtering of problem networks during attacks, executable 
stripping or virus scanning (we don't warrant you won't get a virus, but 
minimize the overall virus throughput in our network to maintain 
operational mail servers), and suspension of insecure systems or 
spammers (primary goal is to keep the entire network from being 
blacklisted publicly or privately, secondary goal is good neighbor policy).

> * If my home ISP tried this on me, I'd take them to the consumer 
>   protection authority and have them explain why they are calling their
>   filtered service "Internet access". 

Many AUP/TOS agreements have interesting no-server clauses. Blocking 
135 inbound to those systems would not breach "Internet access" as the 
customer shouldn't have a server running on that port. The lack of <1024 
filtering on such AUP/TOS services is courtesy really. If it's not a 
problem to the network, the ISP generally doesn't care.

> Instead, I'd suggest this: 
> 

You forgot to mention:

- Set up detection systems and perform immediate contact on accounts that 
  trigger the system to determine if it's legitimate or not. If not, bye 
  bye.

Of course, this only stops outbound issues. It does nothing to prevent 
inbound, and in the event of a worm, you'd better make sure you have 
double and triple methodologies in place to stabilize your network. I 
received a lot of reports on the issues people had with Sapphire. What 
took me less than a few minutes took some hours just to access their 
equipment. Suggestion? Prewrite the lists and have them in place and 
know ahead of time how you'll activate them when the network is under 
extreme load.


-Jack
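An added example (my own, not Jack's, not NANOG's, not code from any ISP's tooling) of the two things the message above pairs: a detection system that flags accounts sweeping TCP/135 from flow records, and a prewritten filter list built from the result so the list exists before the network is under load. The flow records are constructed, not captured; the record format, the "20 distinct destinations inside 60 seconds" threshold, the RFC 5737 addresses and the IOS-style access-list syntax are all assumptions of this example.

```python
"""Flag TCP/135 sweepers in flow records and render a prewritten block list.

Added example, not from the original post. Flow records are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WORM_PORT = 135                       # port under discussion in the thread
WINDOW = timedelta(seconds=60)        # assumed detection window
DISTINCT_DST_THRESHOLD = 20           # assumed: distinct hosts hit inside WINDOW


def constructed_flows():
    """Constructed flow log (not captured data): 'ISO-time src dst dport proto'."""
    base = datetime(2003, 8, 2, 13, 0, 0)
    lines = []

    def add(offset_s, src, dst, dport, proto="tcp"):
        ts = (base + timedelta(seconds=offset_s)).isoformat()
        lines.append(f"{ts} {src} {dst} {dport} {proto}")

    for i in range(25):          # fast sweep: 25 hosts on 135 inside 10 s
        add(i * 0.4, "10.1.2.3", f"192.0.2.{i + 1}", WORM_PORT)
    for i in range(3):           # legitimate: a handful of RPC connections
        add(5 + i, "10.1.2.4", f"198.51.100.{i + 1}", WORM_PORT)
    for i in range(25):          # slow sweep: one host every 90 s, never 20 in a window
        add(i * 90, "10.1.2.5", f"203.0.113.{i + 1}", WORM_PORT)
    for i in range(40):          # web traffic: many hosts, wrong port
        add(i, "10.1.2.6", f"192.0.2.{i + 1}", 80)
    return "\n".join(lines)


def parse_flows(text):
    """Parse the assumed text format into (timestamp, src, dst, dport, proto) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport), proto))
    return records


def find_sweepers(records, port=WORM_PORT, window=WINDOW,
                  threshold=DISTINCT_DST_THRESHOLD):
    """Return {src: peak distinct destinations} for sources that reach
    `threshold` distinct destinations on `port` within any `window`."""
    by_src = defaultdict(list)
    for ts, src, dst, dport, proto in records:
        if proto == "tcp" and dport == port:
            by_src[src].append((ts, dst))

    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        left = 0
        in_window = defaultdict(int)          # dst -> hits still inside the window
        for ts, dst in hits:
            in_window[dst] += 1
            while hits[left][0] < ts - window:   # evict hits older than the window
                old_dst = hits[left][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                left += 1
            if len(in_window) >= threshold:
                flagged[src] = max(flagged.get(src, 0), len(in_window))
    return flagged


def build_acl(flagged, name="WORM-QUARANTINE", port=WORM_PORT):
    """Render an IOS-style extended ACL (syntax assumed, not router-tested) that
    drops the flagged sources' traffic to `port` and permits everything else."""
    lines = [f"ip access-list extended {name}"]
    for src in sorted(flagged):
        lines.append(f" deny tcp host {src} any eq {port}")
    lines.append(" permit ip any any")
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_sweepers(parse_flows(constructed_flows()))
    print("flagged:", hits)
    print(build_acl(hits))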