Providers removing blocks on port 135?

Jack Bates jbates at brightok.net
Fri Sep 19 14:47:32 UTC 2003


Adam Hall wrote:

> 
> 
> Anyone know anything about prorviders removing ACLs from their routers 
> to allow ports 135/445/4444 back into their network?  Curious only 
> because customers are calling in saying that Verizon, Cox, Bellsouth, 
> and DSL.net are doing so and seem to have a big problem with the fact 
> that we're hesitent follow their lead.
> 

No two networks are the same, nor do they have the same issues. The new 
RPC exploit worm will be interesting to watch on the above networks if 
they've dropped their blocks. There's also a question of at which layer 
they have done so. For example, if blocks were removed from central 
sites in favor of blocks that were pushed out to the end users.

Allowing the various scans out costs other people money. If nothing 
else, I'll leave 135 in place long enough to ensure that the number of 
users that are infected are manageable. My transit customers are all 
telling me the same thing. They are still pushing it to get people 
cleaned up and patched. They want their blocks to remain (so they don't 
have to pay us more).

-Jack




More information about the NANOG mailing list