nanog mailing list archives
Re: Blocking port 135?
From: Mans Nilsson <mansaxel () sunet se>
Date: Sat, 2 Aug 2003 10:46:54 +0200
Subject: Blocking port 135? Date: Fri, Aug 01, 2003 at 01:37:21PM -0500 Quoting Adi Linden (adil () adis on ca):
> http://www.cert.org/advisories/CA-2003-19.html
>
> Would blocking port 135 at the network edge be a prudent preventative measure?
As most have said, no.

* It does not cover all possible attacks.
* It may block legitimate traffic.
* If you block and interfere, you are responsible for what your customer does. You Do Not Want That.
* If my home ISP tried this on me, I'd take them to the consumer protection authority and have them explain why they are calling their filtered service "Internet access".

Instead, I'd suggest this:

- Have the customer responsible for all things on their own machine. In writing if necessary.
- Inform them that "real Internet" is a Good Thing, but emphasize that it takes some care and feeding of connected devices.
- Tell them where to get free or cheap protection software.
- Inform them that devices found to be broken into will be sent to null0 until proof of cleanliness has been obtained.
- If they have a larger net (corporate customers) tell them you *will* take their CPE interface down if they are visibly broken into and fail to respond.

Works for us.

--
Måns Nilsson
Systems Specialist
+46 70 681 7204
KTHNOC MN1334-RIPE

I fill MY industrial waste containers with old copies of the "WATCHTOWER" and then add HAWAIIAN PUNCH to the top ... They look NICE in the yard ...