[60213] in North American Network Operators' Group


Re: Blocking port 135?

daemon@ATHENA.MIT.EDU (Justin Shore)
Sun Aug 3 19:23:45 2003

Date: Sun, 3 Aug 2003 18:17:26 -0500 (CDT)
From: Justin Shore <listuser@numbnuts.net>
To: Crist Clark <crist.clark@globalstar.com>
Cc: Bob German <bobgerman@irides.com>, <nanog@merit.edu>
In-Reply-To: <3F2AC997.D99CD9E8@globalstar.com>
Errors-To: owner-nanog-outgoing@merit.edu


On Fri, 1 Aug 2003, Crist Clark wrote:

> And for this crowd, I should point out that blocking 135/udp blocks
> DCE-RPC which is used rather heavily by HP OpenView by default.
> 
> You may hear some shrieks of pain should you choose to block 135/udp.

I bidirectionally blocked all NetBIOS ports (tcp and udp) a long time back
and have yet to have any problems.  In fact I have blocked every single
port that's unique to a Microsoft product including the MS SQL ports.  I
haven't seen any downside to doing that.  I also block all Apple AFP ports
for the same reasons.  For that matter SunRPC is also blocked.  Basically
I weeded out all the ports that have major security issues and no valid
use for my users.  Now I'm not a backbone provider but for my many users
we have experienced no problems and have avoided numerous security issues
because of it.  A little preventative maintenance can go a long way.

My $.02
 Justin
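
An added example, not part of the original message: a pre-deployment check that runs flow records through the kind of bidirectional port block described in this thread and reports which traffic (such as DCE-RPC on 135/udp) would be dropped. The message names no port numbers other than 135, so the port list is an assumption based on well-known assignments, and the flow records are constructed sample data.

```python
from collections import Counter

# Assumption: well-known port assignments for the service classes the message
# names. Only 135 appears in the thread itself.
BLOCKED = {
    135: "DCE-RPC endpoint mapper",
    137: "NetBIOS name service",
    138: "NetBIOS datagram",
    139: "NetBIOS session",
    445: "SMB (microsoft-ds)",
    1433: "MS SQL Server",
    1434: "MS SQL Monitor",
    548: "Apple AFP",
    111: "SunRPC portmapper",
}

# Constructed flow records: proto src_ip src_port dst_ip dst_port packets
SAMPLE_FLOWS = """\
udp 192.0.2.10 40001 198.51.100.5 135 12
tcp 192.0.2.11 51515 198.51.100.9 443 300
tcp 203.0.113.7 139 192.0.2.20 49200 4
udp 203.0.113.8 1026 192.0.2.21 1434 1
tcp 192.0.2.12 50022 198.51.100.9 25 18
udp 192.0.2.10 40002 198.51.100.5 135 7
"""

def parse_flows(text):
    """Parse whitespace-separated flow lines into tuples with integer fields."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            proto, src, sport, dst, dport, pkts = line.split()
            flows.append((proto, src, int(sport), dst, int(dport), int(pkts)))
    return flows

def would_drop(flow):
    """Return the matching blocked port (tcp and udp only), else None."""
    proto, _, sport, _, dport, _ = flow
    if proto not in ("tcp", "udp"):
        return None
    # Bidirectional: a match on either the destination or the source port drops
    # the packet, so a client using 1433 as an ephemeral source port also hits.
    return next((p for p in (dport, sport) if p in BLOCKED), None)

def impact_report(flows):
    """Sum packets per (proto, port) that the block would drop."""
    hits = Counter()
    for flow in flows:
        port = would_drop(flow)
        if port is not None:
            hits[(flow[0], port)] += flow[5]
    return dict(hits)
```

Run against a day or a week of real flow exports, a non-empty report for a port is the cue to find the application behind it before the block goes in.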

