Well, I guess blocking is a good idea. That is why censoring was invented in the first place. Blocking port 25, Simple Mail Transfer, makes sense. If nobody can send emails then nobody can send spam. Ok let us block port 25 provocatively. :) Blocking port 137, NETBIOS Name Service, ok I am running linux. I dont need NETBIOS. I think it makes sense keeping windows out of the internet. Without windows there is no spam, no virus, no worm. Yes, let us block. Blocking port 138, NETBIOS Datagram Service, see above. Block it! Blocking port 139, NETBIOS Session Service, see above. Who needs windows? It is a security risk in the first place. Blocking port 445, Microsoft-DS, if it is from Microsoft it is always good blocking it. I have forgotten port 80, World Wide Web HTTP, and port 53, Domain Name Server. I know for shure windows does use them. Lets block them! Without poisoned homepages you cannot be tricked to download vermin in the first place. So it is a very good idea to block port 80. Without DNS viruses might have difficulties finding their seed servers. Yes it is a MUST. We absolutely must block port 53 :) Firewall rules ============== They are poison! Every rules takes time to process. Every rules makes router, your firewall your whateveryoulike crawl more slowly. Why not block port 1 right through port 1023? There is no reason why anybody but a hacker might need them. Where to block? =============== After seeing what to block we need to find the right place where to block. ISPs and carriers and, ..., live from selling the complete internet. They get money for what they dont block. There is no reason why they should block anything. Me? I am running linux mostly. I do use port 137 for ssh - only fools do use port 22. Ever seen you could download Cassels Dictionary plus the Bible by simply listening to port 137? So please dont block port 137 for me. And please dont block port 138 - I need it for ftp from some not so secure machines running Phyton :) Windows users? Oh yes - we have found it! Just unpluck every windows pc and we will have no more reason for blocking anything. If you really want your windows pc to peek into the internet use a firewall. Use a HARDWARE firewall and best block all ports from 1 to 1023. You never know :) In germany we have the fastest higways of he world and we drive the fastest cars. We need to drive fast because of the many holes in the streets, to glide over them. But in our cities we are not allowed to drive fast because the streets have become a childrens playground. The internet has become a childrens playground too. It does not make sense to develop faster and faster internet access. 4800 baud is too fast for children. Let us get back to 110 and best only allow machines with paper output and punched tape copy for everything to have a proof for the judge - in case they need it against us. Have a nice weekend - Oh, sorry I did not think we only had tuesday! Peter and Karin Dambier -- Peter and Karin Dambier Public-Root Graeffstrasse 14 D-64646 Heppenheim +49-6252-671788 (Telekom) +49-179-108-3978 (O2 Genion) +49-6252-750308 (VoIP: sipgate.de) +1-360-448-1275 (VoIP: freeworldialup.com) mail: peter@peter-dambier.de http://iason.site.voila.fr http://www.kokoom.com/iason