[c-nsp] ISP POP Location - Blocking Ports - Advice
joshua sahala
jejs at sahala.org
Mon Aug 2 21:50:07 EDT 2004
On (02/08/04 21:14), Paul Stewart wrote:
>
> What I am wondering though is what ports are commonly blocked now on ISP's?
> Anyone care to share their lists?
>
it depends - do your users know that you are going to do this? ;)
customers can get mad if their favorite windows app breaks because you
filtered it (no matter how many good reasons there are for it to be
filtered).
that being said: i do no customer filtering at my current employer
unless they ask. as my previous employer, we filtered a lot of
services, mostly because they resold those services downstream as
'premium offerings' (i just provided them transit). on my lan i
filter tcp/udp 135-139 & 445, plus outbound smtp not coming from my
mail servers. it there is some new worm, i might filter that because
my users like to open the secret attachment from the friend they have
never met ;)
/joshua
--
A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools.
- Douglas Adams -
More information about the cisco-nsp
mailing list