Home page logo

nanog logo nanog mailing list archives

Re: Blocking port 135?
From: Sean Donelan <sean () donelan com>
Date: Sat, 2 Aug 2003 14:56:19 -0400 (EDT)

On Sat, 2 Aug 2003, Jack Bates wrote:
Many AUP/TOS aggreements have interesting no-server clauses. Blocking
135 inbound to those systems would not breach "Internet access" as the
customer shouldn't have a server running on that port. The lack of <1024
filtering on such AUP/TOS services is courtesy really. If it's not a
problem to the network, the ISP generally doesn't care.

The Slammer worm was > 1024.

As someone else pointed out, if you want the ISP to provide you with a
completely "safe" network you will end up with something like Minitel.
ISPs do not control what Microsoft puts in its operating systems, bugs,
features or other things.  ISPs also did not control the introduction
of NCSA Mosaic, Real Streaming, IRC Chat or most of the other things.

Services which require the ISP to "update" their network are always
at a disadvantage, such as Multicast or IPv6.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]