Firewall Wizards mailing list archives
RE: The home user problem returns
From: <lordchariot () earthlink net>
Date: Tue, 13 Sep 2005 20:34:00 -0400
beside ingress and egress filtering, how much might ISP's suffer for correcting some of the windows network protocol errors by not passing ports 135-139, 445 and 5000 etc across perimiters? Or even allowing them to braodcast witin the ISP's realm? Certainly would work to neuter the M$ issues to a low noise level would it not?
In the last 20 minutes it took to read the last batch of posts, I got 8 probes to 445 or 139. Of course, I'm denying all this so there is little threat to me, but I like to keep an eye on this kind of traffic to give me a feel for what's out there in the wild. Sep 13 19:42:57 PF SRC=71.0.173.129 DST=192.168.2.10 PROTO=TCP SPT=2633 DPT=445 Sep 13 19:44:06 PF SRC=71.0.243.133 DST=192.168.2.10 PROTO=TCP SPT=3767 DPT=445 Sep 13 19:48:54 PF SRC=71.0.243.133 DST=192.168.2.10 PROTO=TCP SPT=2574 DPT=445 Sep 13 19:58:04 PF SRC=71.0.129.190 DST=192.168.2.10 DF PROTO=TCP SPT=1592 DPT=445 Sep 13 19:59:10 PF SRC=86.193.83.45 DST=192.168.2.10 DF PROTO=TCP SPT=3416 DPT=139 Sep 13 19:59:13 PF SRC=86.193.83.45 DST=192.168.2.10 DF PROTO=TCP SPT=3416 DPT=139 Sep 13 19:59:19 PF SRC=86.193.83.45 DST=192.168.2.10 DF PROTO=TCP SPT=3416 DPT=139 Sep 13 20:01:53 PF SRC=71.130.34.177 DST=192.168.2.10 PROTO=TCP SPT=37388 DPT=445 However, I think all ISPs should be filtering all the MS networking ports by default. I can think of no good business reason to allow it. This would go a long way to mitigate many of the threats out there and it would reduce the number of calls from relatives, friends, neighbors, strangers that want me to help them clean out their infected machines. Now the question is, should the filtering be a premium service that users pay extra for, or is the UN-filtered traffic now premium that I have to pay extra for the priviledge of having? Kudos to Mason for having some of the basic port blocking in place. This and Anti-spoofing egress filtering should be must-haves for all ISPs. erik _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: The home user problem returns, (continued)
- Re: The home user problem returns David Lang (Sep 14)
- Re: The home user problem returns mason (Sep 14)
- Re: The home user problem returns David Lang (Sep 14)
- RE: The home user problem returns Bill Royds (Sep 13)
- RE: The home user problem returns Hile . William (Sep 22)
- RE: The home user problem returns Jim Seymour (Sep 13)
- RE: The home user problem returns Brian Loe (Sep 13)
- Re: The home user problem returns R. DuFresne (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 13)
- RE: The home user problem returns lordchariot (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 13)
- RE: The home user problem returns Jim Seymour (Sep 13)
- RE: The home user problem returns hermit921 (Sep 13)
- RE: The home user problem returns Jim Seymour (Sep 13)
- Mitigating MS risks [Was: home users] Tina Bird (Sep 14)
- RE: The home user problem returns StefanDorn (Sep 22)
- RE: The home user problem returns Tina Bird (Sep 13)