[62666] in North American Network Operators' Group
Re: Providers removing blocks on port 135?
daemon@ATHENA.MIT.EDU (Ray Bellis)
Sat Sep 20 18:25:13 2003
From: "Ray Bellis" <rpb@community.net.uk>
To: <nanog@nanog.org>
Date: Sat, 20 Sep 2003 23:22:34 +0100
Errors-To: owner-nanog-outgoing@merit.edu
> However, I'm not convinced blocking port 25 on
> dialups helps much with that. What it does
> help with is preventing them from connecting to
> open relays.

We don't stop our dial customers from getting *to* anything.

What we do have though are (optional) *inbound* filters that make sure
no-one can connect to their privileged ports over TCP/IP, and a mandatory
filter that says only our network can deliver to their SMTP service.

We don't get problems with open-relays on dialups. We didn't have any
problems with MS-Blaster on dialups either...

I'm considering adding privileged port filters for UDP/IP too, although
again it would be optional so that customers who run their own UDP/IP
services can get their responses (i.e. caching DNS, IKE, NTP, etc).

Ray
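
The following is an added example, not part of the original message: a stateless model of the inbound policy described above, evaluated over constructed packets to show which traffic the TCP filters stop and why a UDP privileged-port filter would need an opt-out. It assumes the customer's caching resolver sends queries from source port 53 and that NTP and IKE use their well-known port on both ends; `PROVIDER_NET`, `Packet`, `verdict` and `broken_by_udp_filter` are hypothetical names.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed value: stands in for "our network" (RFC 5737 documentation prefix).
PROVIDER_NET = ip_network("192.0.2.0/24")

@dataclass(frozen=True)
class Packet:
    label: str
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dport: int
    syn: bool = False   # TCP only: a new inbound connection attempt

def verdict(p, tcp_priv=True, udp_priv=False):
    """Stateless decision for one packet addressed to a dial customer."""
    if p.proto == "tcp" and p.syn:
        if p.dport == 25:  # mandatory: only the provider may deliver SMTP
            return "permit" if ip_address(p.src) in PROVIDER_NET else "deny"
        if tcp_priv and p.dport < 1024:
            return "deny"
    # UDP has no SYN, so a reply to a privileged source port (assumed here:
    # 53, 123, 500) looks the same as an unsolicited packet to that port.
    if p.proto == "udp" and udp_priv and p.dport < 1024:
        return "deny"
    return "permit"

def broken_by_udp_filter(packets):
    """Labels of packets permitted today but denied once the UDP filter is on."""
    return [p.label for p in packets
            if verdict(p) == "permit" and verdict(p, udp_priv=True) == "deny"]

# Constructed sample traffic (addresses from documentation prefixes).
SAMPLES = [
    Packet("rpc-connect", "tcp", "198.51.100.7", 3001, 135, syn=True),
    Packet("smtp-outside", "tcp", "198.51.100.7", 3025, 25, syn=True),
    Packet("smtp-provider", "tcp", "192.0.2.10", 3025, 25, syn=True),
    Packet("dns-reply-to-stub", "udp", "198.51.100.53", 53, 40000),
    Packet("dns-reply-to-cache", "udp", "198.51.100.53", 53, 53),
    Packet("ntp-reply", "udp", "198.51.100.123", 123, 123),
    Packet("ike-reply", "udp", "198.51.100.50", 500, 500),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p.label:20} {verdict(p):7} {verdict(p, udp_priv=True)}")
    print("needs opt-out:", broken_by_udp_filter(SAMPLES))
```

Replies to a stub resolver on an ephemeral port pass either way; only customers whose own services answer on a privileged UDP port need the filter left off.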