[60143] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Blocking port 135?

daemon@ATHENA.MIT.EDU (Stephen Sprunk)
Fri Aug 1 15:07:50 2003

From: "Stephen Sprunk" <stephen@sprunk.org>
To: "Adi Linden" <adil@adis.on.ca>
Cc: "North American Noise and Off-topic Gripes" <nanog@merit.edu>
Date: Fri, 1 Aug 2003 14:02:21 -0500
Errors-To: owner-nanog-outgoing@merit.edu


Thus spake "Adi Linden" <adil@adis.on.ca>
> http://www.cert.org/advisories/CA-2003-19.html
>
> Would blocking port 135 at the network edge be a prudent preventative
> measure?

If you see your job as protecting users from their own ignorance, blocking
135-139 both tcp and udp has been prudent for nearly a decade.  However, not
all providers share that view.

S

Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[60143] in North American Network Operators' Group

Re: Blocking port 135?

daemon@ATHENA.MIT.EDU (Stephen Sprunk)Fri Aug 1 15:07:50 2003

daemon@ATHENA.MIT.EDU (Stephen Sprunk)
Fri Aug 1 15:07:50 2003