Security Incidents mailing list archives
Re: ISP Filtering (Survey of Sorts)
From: Jens Hektor <hektor () RZ RWTH-Aachen DE>
Date: Sat, 02 Jun 2001 18:39:18 +0200
macdaddy () pittstate edu wrote:
1-19 I/O (there isn't any reason why a user should be using these ports) 61/62 I (there isn't any reason why someone should be query *any* of our devices via SNMP)
Should read 161/162.
111 I/O (talk about hack me please...) 135-139 I/O (no reason to allow this. too much info can be gathered with NO log entry on the queried box. most are misconfigured and allow access to way too much) 53 where possible (few client nodes should be queried for DNS. Most of our users are basic dialups. Some DSL, very little business DSL or leased line. Those people plus our own DNS servers need to be allowed for.) netbus/BO ports (let's halt the problem before it starts)
I think this is good practice. Additionally I would suggest tftp/bootps.
I've seriously been thinking about blocking connections TO port 25 on our client (non-business) nodes. We'd still allow them to use any SMPT server
Establish a virus-scanning relay and most of them will be happy. Bye, Jens -- Jens Hektor, RWTH Aachen, Rechenzentrum, Seffenter Weg 23, 52074 Aachen Computing Center Technical University Aachen, network operation & security mailto:hektor () RZ RWTH-Aachen DE, Tel.: +49 241 80 4866
Current thread:
- Re: ISP Filtering (Survey of Sorts) Jason Storm (Jun 01)
- Re: ISP Filtering (Survey of Sorts) Christian Schwalm (Jun 02)
- <Possible follow-ups>
- RE: ISP Filtering (Survey of Sorts) Jason Lewis (Jun 01)
- Re: ISP Filtering (Survey of Sorts) Kath (Jun 01)
- RE: ISP Filtering (Survey of Sorts) Booth, David CWT-MSP (Jun 01)
- Re: ISP Filtering (Survey of Sorts) Joe Shaw (Jun 01)
- Re: ISP Filtering (Survey of Sorts) Nick FitzGerald (Jun 02)
- Re: ISP Filtering (Survey of Sorts) macdaddy (Jun 02)
- Re: ISP Filtering (Survey of Sorts) Jens Hektor (Jun 03)
- Re: ISP Filtering (Survey of Sorts) Brett Glass (Jun 02)