[c-nsp] ISP POP Location - Blocking Ports - Advice

Paul Stewart pauls at nexicom.net
Tue Aug 3 06:48:44 EDT 2004


Thanks Jeff and everyone else who replied so far... (Joshua, Chuck, Jon,
Richard 1 and Richard 2) ;)

Our AUP permits us to block whatever we feel like "may be a threat or cause
any harm to the operations of our network"... Etc etc... With that said, we
do not want a flood of phone calls coming into our help desk center of
course nor do we want upset customers.

By blocking the common Windows ports we feel we're not going to block any
potentially legit traffic, only ports that viruses are very commonly
using... There's an argument to both sides of course. Our filtering has
been zero to date, however with our bandwidth now showing more upload than
download, and the fact that we keep getting spamcop listed due to spam
leaving our customer computers when they don't know due to a virus, we felt
now is a good time to start getting a little more restrictive.

It was also felt that if 1% of our customers don't like the filtering and
leave us, we're better to lose the 1% than to have the grief of this traffic
going through our system...

Each of our POPs is served with a Cisco router and/or Cisco switch so I was
thinking we would do the filtering at each POP and keep the potential
loading caused by filtering away from our core...

Thanks again to everyone for your thoughts...

Paul


-----Original Message-----
From: Tantsura, Jeff [mailto:jeff.tantsura at capgemini.com] 
Sent: Tuesday, August 03, 2004 5:15 AM
To: Paul Stewart; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] ISP POP Location - Blocking Ports - Advice



Read twice what you sell to your customers before starting filtering. At my
ex-job I wasn't allowed to place ANY filters even in case of virus/dos :)

Jeff

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Paul Stewart
Sent: Tuesday, August 03, 2004 3:15 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] ISP POP Location - Blocking Ports - Advice

Hi there..

We have decided to start being more strict on what we permit our customers
to send through our system as an ISP. Basically I'd like to start blocking
smtp traffic except to our mail servers from dynamic addresses. Static IP
customers will still be able to send smtp traffic.

What I am wondering though is what ports are commonly blocked now on ISPs?
Anyone care to share their lists?

We are thinking of blocking port 25, 137, 138, 139, 445 at this point. The
reason is to cut down on the crap coming from virus infected customers. It's
easier to slow them down than it is to chase thousands of customers. We
tried cutting some customers off last week who were obviously infected.
They were thankful for the phone call, got their PC fixed up at the local
shop and then a day later got infected again. This time around they were
not so friendly about the scenario...

Any thoughts would be most helpful... We are looking at putting access lists
at each POP site for now and go from there...

Paul
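
The filtering described in this thread, sketched as a Cisco IOS extended access list applied inbound on a POP's customer-facing interface. This is an added example, not a configuration posted by anyone on the list. The addresses (documentation ranges), the ACL name and the interface are assumptions made for illustration.

```cisco
! Constructed example. Assumed values, not taken from the thread:
!   192.0.2.0/24   = dynamic (dial-up/DHCP) customer pool at this POP
!   198.51.100.25  = the ISP's own outbound mail server
!   FastEthernet0/1 = customer-facing interface on the POP router
!
ip access-list extended POP-CUSTOMER-IN
 remark Dynamic pool may send SMTP only to the ISP mail server
 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.25 eq 25
 deny   tcp 192.0.2.0 0.0.0.255 any eq 25
 remark Static customers are outside the pool, so their SMTP is untouched
 remark NetBIOS name, datagram and session services (137-139)
 deny   udp any any range 137 139
 deny   tcp any any range 137 139
 remark SMB over TCP/UDP (445)
 deny   tcp any any eq 445
 deny   udp any any eq 445
 remark Everything else passes unchanged
 permit ip any any
!
interface FastEthernet0/1
 description Customer aggregation (hypothetical)
 ip access-group POP-CUSTOMER-IN in
```

Order matters: the permit for the mail server has to precede the port 25 deny, and the final `permit ip any any` is required because an IOS access list ends in an implicit deny. `show access-lists POP-CUSTOMER-IN` prints per-entry match counters, which show how much traffic each rule is dropping at that POP.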

