[Dshield] paper about port blocking

Johannes Ullrich jullrich at euclidian.com
Thu Sep 4 17:03:25 GMT 2003

> Just a question, though -- why did you not include Port 138

I did try to trim the list to the absolute minimum. If you ask
me about a home firewall, I would say '135-139'. But for the
purpose of ISP wide filtering, I did try to be more specific.

Port 138 is only used for 'announcements' AFAIK. E.g. a host
will use it to announce to the network that its up. Usually,
you will see broadcast UDP packets. These packets are not useful
to share files or to solicit information from the target system.
AFAIK. (maybe there are some windows experts on the list that 
know more details ;-) ).

Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net

More information about the list mailing list