[unisog] Blocking Windows Networking at the Border?

Russell Fulton r.fulton at auckland.ac.nz
Tue Apr 23 21:51:07 GMT 2002


On Wed, 2002-04-24 at 09:10, Paul Schmehl wrote:
> We've been blocking those ports for years, and we haven't 
> had a single complaint that I can recall.  When Win2k came 
> out, we added 445 TCP/UDP to the list.  As a result, we 
> haven't experienced any of the problems that you refer to.

ditto. 

Last year I altered the default access to block all incoming access to
ports < 1024.  I left the high-numbered ports open so that non-passive
ftp would still work in the default setup, but I would like to block all
ports now. 

Does anyone think this will cause major problems?

Hmmm... and will it break KaZaA and friends ;-) i.e. does retrieving
files require an inbound connection?
 
BTW this is the default access; if people want to run web or ftp servers
then they can alter their access class.  The aim is to restrict inbound
access to just what people ask for; most people don't run services (or
don't know they do :( ) and are perfectly happy to have inbound
connections blocked.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand


