nanog mailing list archives
Re: Blocking port 135?
From: Sean Donelan <sean () donelan com>
Date: Fri, 1 Aug 2003 21:29:52 -0400 (EDT)
On Fri, 1 Aug 2003, Christopher L. Morrow wrote:
On Fri, 1 Aug 2003, Sean Donelan wrote:In reality blocking port 135 is almost never sufficient. Its slightly better than waving a dead chicken over your PC.its far less stinky than the chicken option though, you must admit that.
yep. If you want to be in loco parentis for users, most residential users should block *ALL* inbound connections using a statefull firewall. Most residential users do not intend to run Internet servers. Blocking port 135 is not sufficient to "protect" Microsoft software. There are lots of other holes. Practically, the best place to make this decision is as close to the user as possible. The ISP doesn't "know" what the user intended to do. Mind-reading customer care hasn't worked out as well as we thought. There are cheap hardware firewalls and free/cheap software firewalls that are easy and effective to use. Most places that sell PC's also sell personal firewalls, anti-virus, and even backup systems. Your own personal firewall can block everything out of the box, and can be changed locally (you don't need to wait for the ISP).
Current thread:
- Blocking port 135? Adi Linden (Aug 01)
- Re: Blocking port 135? Sean Donelan (Aug 01)
- Re: Blocking port 135? Christopher L. Morrow (Aug 01)
- Re: Blocking port 135? bmanning (Aug 01)
- Re: Blocking port 135? Richard Irving (Aug 01)
- Re: Blocking port 135? Sean Donelan (Aug 01)
- Re: Blocking port 135? Jack Bates (Aug 01)
- Re: Blocking port 135? Christopher L. Morrow (Aug 01)
- Re: Blocking port 135? Christopher L. Morrow (Aug 01)
- Re: Blocking port 135? Sean Donelan (Aug 01)
- RE: Blocking port 135? Adi Linden (Aug 01)
- RE: Blocking port 135? Jason Robertson (Aug 01)
- Re: Blocking port 135? Bruce Pinsky (Aug 01)
- Re: Blocking port 135? Jason Slagle (Aug 02)
- RE: Blocking port 135? Bob German (Aug 02)
- Re: Blocking port 135? Justin Shore (Aug 03)