Blocking port 135?
Justin Shore
listuser at numbnuts.net
Sun Aug 3 23:17:26 UTC 2003
On Fri, 1 Aug 2003, Crist Clark wrote:
> And for this crowd, I should point out that blocking 135/udp blocks
> DCE-RPC which is used rather heavily by HP OpenView by default.
>
> You may hear some shrieks of pain should you choose to block 135/udp.

I bidirectionally blocked all NetBIOS ports (tcp and udp) a long time back
and have yet to have any problems. In fact I have blocked every single
port that's unique to a Microsoft product including the MS SQL ports. I
haven't seen any downside to doing that. I also block all Apple AFP ports
for the same reasons. For that matter SunRPC is also blocked. Basically
I weeded out all the ports that have major security issues and no valid
use for my users. Now I'm not a backbone provider but for my many users
we have experienced no problems and have avoided numerous security issues
because of it. A little preventative maintenance can go a long way.
My $.02
Justin