[60140] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Blocking port 135?

daemon@ATHENA.MIT.EDU (Sean Donelan)
Fri Aug 1 15:00:13 2003

Date: Fri, 1 Aug 2003 14:51:18 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0308011335310.30966-100000@adibox.knet.ca>
Errors-To: owner-nanog-outgoing@merit.edu

On Fri, 1 Aug 2003, Adi Linden wrote:
> http://www.cert.org/advisories/CA-2003-19.html
>
> Would blocking port 135 at the network edge be a prudent preventative
> measure?

It depends.

  Do you have a network edge?
  Do you have the resources to block it?
  Do you need it for anything else?
  Have you left other holes open?

In reality blocking port 135 is almost never sufficient.  Its slightly
better than waving a dead chicken over your PC.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[60140] in North American Network Operators' Group

Re: Blocking port 135?

daemon@ATHENA.MIT.EDU (Sean Donelan)Fri Aug 1 15:00:13 2003

daemon@ATHENA.MIT.EDU (Sean Donelan)
Fri Aug 1 15:00:13 2003