Home page logo

nanog logo nanog mailing list archives

Re: Port blocking last resort in fight against virus
From: Sean Donelan <sean () donelan com>
Date: Tue, 12 Aug 2003 22:42:38 -0400 (EDT)

On Tue, 12 Aug 2003, Randy Bush wrote:
Is it just me that feels that blocking a port which is known to be used
to perform billions of scans is only proper?

the second, and important part of the, question is whether there
are legitimate packets to that port which want to cross your border.
for 135, i am not aware of any that should cross my site's border

Who should determine what protocols can cross your site's border router?
You or your ISP (ignoring the fact a lot of people on this list are their
own ISP)?

80% or more of customers wouldn't notice if you blocked everything on
their connection except HTTP/HTTPS and DNS.  So why do ISPs let all
the other infection laden protocols reach their customers?

Fix spam - block port 25
Fix Slammer - block port 1434
Fix Blaster - block port 135
Fix KaZaA - block everything

I think filters/firewalls are usefull.  I believe every computer should
have one.  I have several.  I just disagree on who should control the

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]