[Dshield] Re: [Full-Disclosure] Windows Messenger Popup Spamon UDP Port 1026

Doug White doug at dwhite.ws
Sat Jun 21 16:28:54 GMT 2003


|
| Call your ISPs and ask them to block ports! At least 135-139 and 445
| (UDP and TCP). They should also block the 'unusual' protocols, like at
| least 0 and 255, but maybe a few more.


Actually, I would not want my ISP to block any ports, unless it was a case of an
ongoing SYN flood, or DOS attack.

Many servers use "non-standard" port numbers to communicate with other servers,
such as remote databases, VPN connections, etc, that blocking ports at the IP
level would prevent this customization by its customers, should they desire to
do so.

In my case, I have a SQL2k DB server that serves several remote clients, but
none of them are permitted to communicate on ports 1443-1445 for obvious
reasons, and are assigned a unique port number for their communication.  Port
blocking at the ISP level would probably put me out of business.

The proper place for port blocking is at the peripheral of the local network, or
on a per machine level, IMHO.




More information about the list mailing list