mailing list archives
RE: Blocking port 135?
From: "Bob German" <bobgerman () irides com>
Date: Sat, 2 Aug 2003 10:18:27 -0400
None of the exceptions mentioned means you can't filter. We practice a
policy of informed filtering. We filter by default, and if the customer
requests unfiltered and understands the risks involved, we add an
exception for their connection. By default, we filter all of the usual
Windows ports, plus a few other known-sketchy ports and port
From: Jason Slagle [mailto:raistlin () tacorp net]
Sent: Saturday, August 02, 2003 10:12 AM
To: Bruce Pinsky
Cc: Bob German; nanog () merit edu
Subject: Re: Blocking port 135?
On Fri, 1 Aug 2003, Bruce Pinsky wrote:
And filtering 445 in the outbound direction to prevent attacks from
the inside out is probably prudent as well.
Unfortunatly I've ran into at least 1 rather big example of a company
using 445 for SSL since they wanted to put more then 1 cert on a
In this case it was a check clearing house, and a bank couldn't reach
them because their ISP was filtering their T1.
Jason Slagle - CCNP - CCDP
/"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ / ASCII Ribbon Campaign .
X - NO HTML/RTF in e-mail .
/ \ - NO Word docs in e-mail .
RE: Blocking port 135? Bob German (Aug 01)
Re: Blocking port 135? Crist Clark (Aug 01)
Re: Blocking port 135? Jared Mauch (Aug 01)
Re: Blocking port 135? Stephen Sprunk (Aug 01)
RE: Blocking port 135? Chris Johnston (Aug 02)
Re: Blocking port 135? Mans Nilsson (Aug 02)
- Re: Blocking port 135?, (continued)