Providers removing blocks on port 135?
Ray Bellis
rpb at community.net.uk
Sat Sep 20 22:22:34 UTC 2003
> However, I'm not convinced blocking port 25 on
> dialups helps much with that. What it does
> help with is preventing them from connecting to
> open relays.
We don't stop our dial customers from getting *to* anything.
What we do have though are (optional) *inbound* filters that make sure
no-one can connect to their privileged ports over TCP/IP, and a mandatory
filter that says only our network can deliver to their SMTP service.
We don't get problems with open-relays on dialups. We didn't have any
problems with MS-Blaster on dialups either...
I'm considering adding privileged port filters for UDP/IP too, although
again it would be optional so that customers who run their own UDP/IP
services can get their responses (i.e. cacheing DNS, IKE, NTP, etc).
Ray
More information about the NANOG
mailing list