What do you want your ISP to block today?

Sean Donelan sean at donelan.com
Wed Sep 3 18:51:29 UTC 2003


On Wed, 3 Sep 2003, Johannes Ullrich wrote:
> I just summarized my thoughts on this topic here:
> http://www.sans.org/rr/special/isp_blocking.php
>
> Overall: I think there are some ports (135, 137, 139, 445),
> a consumer ISP should block as close to the customer as
> they can.

If ISPs had blocked port 119, Sobig could not have been distributed
via USENET.


Perhaps unbelievably to people on this mailing list, many people
legitimately use 135, 137, 139 and 445 over the open Internet
every day. Which protocols do you think are used more on today's
Internet?  SSH or NETBIOS?

Some businesses have created an entire industry of outsourcing Exchange
service which needs all their customers to be able to use those ports.

http://www.mailstreet.net/MS/urgent.asp

http://dmoz.org/Computers/Software/Groupware/Microsoft_Exchange/

If done properly, those ports are no more or less "dangerous" than
any other 16-bit port number used for TCP or UDP protocol headers.


But we need to be careful not to make the mistake that just because
we don't use those ports that the protocols aren't useful to other
people.




