Any actual data to back up blocking Netbios ports?

Sean Donelan sean at donelan.com
Sun Sep 21 02:27:23 UTC 2003


On Sat, 20 Sep 2003, Justin Shore wrote:
> Absolutely.  At least if the customer wants technical support or plans on
> paying for their bandwidth.  It costs *more* resources for an ISP to *not*
> filter ports and it costs them *less* resources to filter known ports that
> are rarely used by Joe Blow average user but the cause of 99% of their

The majority of viruses still spread through port 25 and port 80.

I've asked other providers about their experiences.  Based on their
experiences, the number of incidents for providers that filtered
netbios was essentially the same as providers that didn't.  It didn't
significantly change the number of calls to their help desks over the
long-term (e.g. 6 months) either.  They were hit with the same number of
drop-everything-all-hands-on-deck incidents.  Microsoft Windows has
more than enough vulnerabilities. Blocking a few ports doesn't change
much.  Deleting Outlook might help :-)

I know how people working the help desk feel.  But is this a case of "do
something" rather than figuring out what the problem is?

What data do people have to back up blocking specific ports?  What were
your control groups?  With Trojan proxies appearing on almost any port,
blocking anything less than every port will be ineffective.



