commonly blocked ISP ports

Valdis.Kletnieks at vt.edu
Wed Sep 14 20:12:17 UTC 2005


On Wed, 14 Sep 2005 14:42:56 CDT, Luke Parrish said:
> We have a list, some reactive and some proactive, however we need to remove 
> ports that are no longer a threat and add new ones as they are published.

All ports that are open are threats, at least potentially.  What you *should*
be doing is:

a) When you block a new port due to a current exploit, log the fact.
b) Work with customers/users to make sure they're patched, and that new machines
are patched before they go live.
c) When probing for the port stops (which it never does), or some sufficient
number of downstream boxes are patched and safe, remove the block.

Either that, or block the world, and open ports on request.

Remember - *you* are the only one on this list who really knows if a given
port is a threat anymore....

(And that's totally skipping all the noise about corporate firewalls versus ISP
firewalls and different expectations regarding security/transparency...)
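The a), b), c) lifecycle above, as an added example that is not from the original thread or its author: a small Python registry that logs each port block with the exploit that prompted it, records how many downstream hosts have been patched, and flags blocks that meet an assumed patched-fraction threshold (95%, a constructed value) as candidates for removal.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass
class PortBlock:
    port: int
    proto: str
    reason: str              # the exploit/worm that prompted the block (step a)
    added: date
    total_hosts: int         # downstream machines exposed on this port
    patched_hosts: int = 0   # updated as customers patch (step b)
    log: list = field(default_factory=list)

class BlockRegistry:
    """Tracks ISP port blocks so each one has a reason and an exit condition."""

    def __init__(self, patched_threshold: float = 0.95):
        self.threshold = patched_threshold   # assumed policy value, not from the post
        self.blocks: dict[tuple[int, str], PortBlock] = {}

    def block(self, port, proto, reason, total_hosts, today):
        b = PortBlock(port, proto, reason, today, total_hosts)
        b.log.append(f"{today} BLOCK {proto}/{port}: {reason}")
        self.blocks[(port, proto)] = b
        return b

    def record_patched(self, port, proto, patched, today):
        b = self.blocks[(port, proto)]
        b.patched_hosts = min(patched, b.total_hosts)
        b.log.append(f"{today} PATCHED {b.patched_hosts}/{b.total_hosts}")
        return b.patched_hosts / b.total_hosts if b.total_hosts else 0.0

    def removable(self):
        """Blocks whose downstream patch rate meets the threshold (step c)."""
        return [b for b in self.blocks.values()
                if b.total_hosts and b.patched_hosts / b.total_hosts >= self.threshold]

    def unblock(self, port, proto, today):
        b = self.blocks.pop((port, proto))
        b.log.append(f"{today} UNBLOCK {proto}/{port}")
        return b.log

# Constructed sample: a hypothetical block of TCP/445 covering 200 downstream hosts.
reg = BlockRegistry()
reg.block(445, "tcp", "worm exploiting SMB (constructed reason)", 200, date(2005, 9, 14))
```

The log kept on each block is what justifies the block later and what records when and why it was lifted.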