Thank you, Comcast.

• Previous message (by thread): Thank you, Comcast.
• Next message (by thread): Thank you, Comcast.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I do on my network (well, the ISP, not the IX). It makes complete sense. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message -----

From: "Mikael Abrahamsson" <swmike at swm.pp.se> 
To: "Jared Mauch" <jared at puck.nether.net> 
Cc: "NANOG list" <nanog at nanog.org> 
Sent: Friday, February 26, 2016 12:20:28 AM 
Subject: Re: Thank you, Comcast. 

On Thu, 25 Feb 2016, Jared Mauch wrote: 

> Make sure you permit TCP/53 for DNS queries so if TC=1 lookups work. 

Speaking of which, historically ISPs have been blocking TCP/135, TCP/445 
and a few others towards customers (at least that's what I know). TCP/25 
seems to be blocked as well. 

Why isn't UDP/53 blocked towards customers? I know historically there were 
resolvers that used UDP/53 as source port for queries, but is this the 
case nowadays? 

I know providers that have blocked UDP/53 towards customers as a 
countermeasure to the amplification attacks. As far as I heard, there were 
no customer complaints. 

-- 
Mikael Abrahamsson email: swmike at swm.pp.se 

• Previous message (by thread): Thank you, Comcast.
• Next message (by thread): Thank you, Comcast.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]