[nsp-sec] Port 53 Blocking on DSL/Cable Networks

Krista Hickey Krista.Hickey at cogeco.com
Thu Jan 31 18:53:11 EST 2008 

On 31-Jan-2008, at 13:16, <jonathan.curtis at bell.ca> 
<jonathan.curtis at bell.ca  > wrote:
> Has anyone taken a serious look at blocking these ports externally on 
> their networks?
>
> Reasons I ask:
>
> 1. Prevent Home Gateway Pharming / Phishing
>
> http://www.news.com/8301-10789_3-9855195-57.html
>
> http://www.cert.org.mx/imagenes/dns.png

On 31-Jan-2008, Joe Abley wrote:
>Blocking 53/udp is a really bad way to try and fix that problem.

Agreed. After all, blocking is bad ;)

That said, I understand Jonathan's pain. Our company has hundreds of
thousands of customers with jebus knows what routing or home networking
devices that could be vulnerable to this, or like, attack (my company
only provides routing devices to a very small subset of business
customers). While ultimately it's a vendor<-->customer issue the reality
is that we feel the pain be it network impact, abuse desk impact,
support impact, etc so what to do? So far the only thing I can think of
is improved network visibility and improved feedback loops between ISPs,
TLDs, etc but I'm open to ideas.

Krista 
7992

PS - This discussion probably should be on -discuss 
 
Do you really need to print this email? Help preserve our environment! Devez-vous vraiment imprimer ce courriel? Pensons a l'environnement!
__________________________________________________________
 
The information in this message, including in all attachments, is confidential or privileged. In the event you have received this message in error and are not the intended recipient, you are hereby advised that any use, copying or reproduction of this document is strictly forbidden. Please notify immediately the sender of this error and destroy this message, including its attachments, as the case may be.
 
L'information apparaissant dans ce message electronique et dans les documents qui y sont joints est de nature confidentielle ou privilegiee. Si ce message vous est parvenu par erreur et que vous n'en etes pas le destinataire vise, vous etes par les presentes avise que toute utilisation, copie ou distribution de ce message est strictement interdite. Vous etes donc prie d'en informer immediatement l'expediteur et de detruire ce message, ainsi que les documents qui y sont joints, le cas echeant.

__________________________________________________________

More information about the nsp-security mailing list