Blocking port 135?

Bob German bobgerman at irides.com
Sat Aug 2 14:18:27 UTC 2003



None of the exceptions mentioned means you can't filter.  We practice a
policy of informed filtering.  We filter by default, and if the customer
requests unfiltered and understands the risks involved, we add an
exception for their connection.  By default, we filter all of the usual
Windows ports, plus a few other known-sketchy ports and port
combinations.  





-----Original Message-----
From: Jason Slagle [mailto:raistlin at tacorp.net] 
Sent: Saturday, August 02, 2003 10:12 AM
To: Bruce Pinsky
Cc: Bob German; nanog at merit.edu
Subject: Re: Blocking port 135?


On Fri, 1 Aug 2003, Bruce Pinsky wrote:

> And filtering 445 in the outbound direction to prevent attacks from 
> the inside out is probably prudent as well.

Unfortunately I've run into at least 1 rather big example of a company
using 445 for SSL since they wanted to put more than 1 cert on a
machine.

In this case it was a check clearing house, and a bank couldn't reach
them because their ISP was filtering their T1.

Jason


-- 
Jason Slagle - CCNP - CCDP
/"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ /   ASCII Ribbon Campaign  .
 X  - NO HTML/RTF in e-mail  .
/ \ - NO Word docs in e-mail .





