ISPs' willingness to take action

William Devine, II william at smartguys.net
Mon Oct 27 15:40:01 UTC 2003


I can verify this as well.   We block all windows ports, in and out, and
have a few clients that we've had to put exclusions in the filters for.  Get
this, they're in the US, their Exchange server is in the UK, and instead of
doing a VPN between their office (of 20 employees) and the remote office,
they all use the UK's WINS Server and attach to the Exchange server through
a NAT router.  The only reason so far that I've been able to gleam why they
don't do a VPN was that the IT consultant for the parent company suggested
it and this local supervisor doesn't like him so won't do anything he
suggests, even if it's good advice.
We have another client who hosts an exchange server for a few remote users
and I finally got them to at least use PPTP when Road Runner blocked 135-139
ports (and their remote users are all @ home on RR).

william

----- Original Message ----- 
From: "Christopher L. Morrow" <chris at UU.NET>
To: "Stewart, William C (Bill), RTSLS" <billstewart at att.com>
Cc: <nanog at merit.edu>
Sent: Monday, October 27, 2003 9:08 AM
Subject: Re: ISPs' willingness to take action


>
>
>
> On Mon, 27 Oct 2003, Stewart, William C (Bill), RTSLS wrote:
>
> >
> > Brian Bruns asserts that there are lots of home users
> > connecting to their office Exchange servers without VPNs,
> > and that therefore blocking the Microsoft ports was bad.
> > While I agree with his point that you shouldn't do it
> > without documenting what you are or are not blocking,
> > I'm really surprised to hear the assertion that people are
> > leaving unfirewalled Exchange servers out on the net.
> > Is this actually common?    /shudders...
>
> apparently so... reference long discussions on nanog regarding blocking
> welchia/nachi... People even, SHOCKER, use smb shares over the internet
> without vpns or firewalls :(
>





More information about the NANOG mailing list