Firewall Wizards mailing list archives

RE: The home user problem returns

From: <lordchariot () earthlink net>
Date: Tue, 13 Sep 2005 20:34:00 -0400

beside ingress and egress filtering, how much might ISP's suffer for
correcting some of the windows network protocol errors by not passing
ports 135-139, 445 and 5000 etc across perimiters?  Or even allowing
them to braodcast witin the ISP's realm?  Certainly would work to neuter
the M$ issues to a low noise level would it not?



In the last 20 minutes it took to read the last batch of posts, I got 8
probes to 445 or 139.
Of course, I'm denying all this so there is little threat to me, but I like
to keep an eye on this kind of traffic to give me a feel for what's out
there in the wild.

Sep 13 19:42:57 PF SRC=71.0.173.129 DST=192.168.2.10 PROTO=TCP SPT=2633
DPT=445
Sep 13 19:44:06 PF SRC=71.0.243.133 DST=192.168.2.10 PROTO=TCP SPT=3767
DPT=445
Sep 13 19:48:54 PF SRC=71.0.243.133 DST=192.168.2.10 PROTO=TCP SPT=2574
DPT=445
Sep 13 19:58:04 PF SRC=71.0.129.190 DST=192.168.2.10 DF PROTO=TCP SPT=1592
DPT=445
Sep 13 19:59:10 PF SRC=86.193.83.45 DST=192.168.2.10 DF PROTO=TCP SPT=3416
DPT=139
Sep 13 19:59:13 PF SRC=86.193.83.45 DST=192.168.2.10 DF PROTO=TCP SPT=3416
DPT=139
Sep 13 19:59:19 PF SRC=86.193.83.45 DST=192.168.2.10 DF PROTO=TCP SPT=3416
DPT=139
Sep 13 20:01:53 PF SRC=71.130.34.177 DST=192.168.2.10 PROTO=TCP SPT=37388
DPT=445


However, I think all ISPs should be filtering all the MS networking ports by
default. I can think of no good business reason to allow it. This would go a
long way to mitigate many of the threats out there and it would reduce the
number of calls from relatives, friends, neighbors, strangers that want me
to help them clean out their infected machines.

Now the question is, should the filtering be a premium service that users
pay extra for, or is the UN-filtered traffic now premium that I have to pay
extra for the priviledge of having?

Kudos to Mason for having some of the basic port blocking in place. This and
Anti-spoofing egress filtering should be must-haves for all ISPs.

erik




_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: The home user problem returns, (continued)
- - - Re: The home user problem returns David Lang (Sep 14)
    - Re: The home user problem returns mason (Sep 14)
    - Re: The home user problem returns David Lang (Sep 14)
    - RE: The home user problem returns Bill Royds (Sep 13)
    - RE: The home user problem returns Hile . William (Sep 22)
    - RE: The home user problem returns Jim Seymour (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 13)
  - RE: The home user problem returns Brian Loe (Sep 13)
  - Re: The home user problem returns R. DuFresne (Sep 13)
    - Re: The home user problem returns Mason Schmitt (Sep 13)
    - RE: The home user problem returns lordchariot (Sep 13)
- RE: The home user problem returns Behm, Jeffrey L. (Sep 13)
  - Re: The home user problem returns Mason Schmitt (Sep 13)
  - RE: The home user problem returns Jim Seymour (Sep 13)
- RE: The home user problem returns Scott Pinzon (Sep 13)
  - RE: The home user problem returns hermit921 (Sep 13)
    - RE: The home user problem returns Jim Seymour (Sep 13)
    - Mitigating MS risks [Was: home users] Tina Bird (Sep 14)
    - RE: The home user problem returns StefanDorn (Sep 22)
  - RE: The home user problem returns Paul D. Robertson (Sep 13)
    - RE: The home user problem returns Tina Bird (Sep 13)

(Thread continues...)