[Dshield] DCOM Question...

Ed Truitt ed.truitt at etee2k.net
Tue Aug 5 11:50:17 GMT 2003

On Mon, 2003-08-04 at 10:25, Richard Golodner wrote:
> I am wondering if someone from the group could update me on what
> ports they are blocking at their firewalls other than the usual 135,
> 137, 138, 139. All of this patching has gotten to be quite a PIA. Thanks for
> the info... You may email me off list in order to keep the noise level as low
> as possible. kid at aetea.com

I block EVERYTHING inbound!  "Deny by default", and open up those ports
I use (which I serve data on.)  I do permit inbound traffic where I have
initiated the connection.  I don't filter that much outbound, though I
do have some IPs/domains on a personal "IDP" (Internet death penalty).

Of course, this doesn't mean I don't have to patch.  Yep, it is sure a
PITA, but being awakened by your ISP to find out your machines have
turned into attack zombies is no fun either.  And, if your EMPLOYER
wakes you up, and tells you that 70,000+ systems are all trying to kill
each other and every network device they can find -- that is a
redefinition of PITA.

Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."
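
The policy described in the message above (deny inbound by default, allow replies to locally initiated connections, open only the served ports, keep a personal outbound block list), as an added example that is not part of the original post: a shell function that prints an `iptables-restore` ruleset for review before loading. The choice of Linux iptables, the function name `emit_rules`, the served ports and the documentation-range addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): print a default-deny ruleset
# in iptables-restore format. Nothing is applied; the output is for review.
# Usage: emit_rules "<served TCP ports>" "<outbound-blocked addresses>"
emit_rules() {
    served_ports=$1
    blocked_out=$2

    # Validate everything first so a typo never yields a partial ruleset.
    for p in $served_ports; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    for a in $blocked_out; do
        case $a in
            *[!0-9./]*) echo "bad address: $a" >&2; return 1 ;;
        esac
    done

    echo '*filter'
    # Default policy: drop all inbound and forwarded traffic. Ports such as
    # 135 and 137-139 need no rule of their own; they are simply never opened.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Permit inbound packets that belong to connections this host initiated.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Open only the ports this host actually serves data on.
    for p in $served_ports; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Personal outbound block list (the "IDP" in the post).
    for a in $blocked_out; do
        echo "-A OUTPUT -d $a -j REJECT"
    done
    echo 'COMMIT'
}

# Constructed sample input: SMTP and HTTP served, two blocked destinations.
emit_rules "25 80" "192.0.2.10 198.51.100.0/24"
```

The printed ruleset can be checked with `iptables-restore --test` before it is loaded.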

