![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: Blocking port 135?
From: Justin Shore <listuser () numbnuts net>
Date: Sun, 3 Aug 2003 18:17:26 -0500 (CDT)
On Fri, 1 Aug 2003, Crist Clark wrote:
And for this crowd, I should point out that blocking 135/udp blocks DCE-RPC which is used rather heavily by HP OpenView by default. You may hear some shrieks of pain should you chose to block 135/udp.
I bidirectionally blocked all NetBIOS ports (tcp and udp) a long time back and have yet to have any problems. In fact I have blocked every single port that's unique to a Microsoft product including the MS SQL ports. I haven't seen any downside to doing that. I also block all Apple AFP ports for the same reasons. For that matter SunRPC is also blocked. Basically I weeded out all the ports that have major security issues and no valid use for my users. Now I'm not a backbone provider but for my many users we have experienced no problems and have avoided numerous security issues because of it. A little preventative maintenance can go a long way. My $.02 Justin
Current thread:
- Re: Blocking port 135?, (continued)
- Re: Blocking port 135? Sean Donelan (Aug 01)
- Re: Blocking port 135? Jack Bates (Aug 01)
- Re: Blocking port 135? Christopher L. Morrow (Aug 01)
- RE: Blocking port 135? Adi Linden (Aug 01)
- RE: Blocking port 135? Jason Robertson (Aug 01)
- Re: Blocking port 135? Bruce Pinsky (Aug 01)
- Re: Blocking port 135? Jason Slagle (Aug 02)
- RE: Blocking port 135? Bob German (Aug 02)
- Re: Blocking port 135? Justin Shore (Aug 03)
- Re: Blocking port 135? Jack Bates (Aug 02)
- Re: Blocking port 135? Mans Nilsson (Aug 02)
- Re: Blocking port 135? Sean Donelan (Aug 02)
- Re: Blocking port 135? Christopher L. Morrow (Aug 02)