On Tue, Aug 25, 2020 at 4:15 AM Douglas Fischer <fischerdouglas@gmail.com> wrote:
a) Should an ISP block that Kind of traffic?
Hi Douglas,

Generally speaking the answer is NO. You should not presume that your understanding of your customers' data traffic is sufficiently complete or correct to make blocking decisions for them. There are some major exceptions to this rule:

1. If your customer has directed you to apply your expertise and make blocking decisions for you.

2. For commodity dynamic-IP (residential) accounts only, there is a small set of "attractive nuisance" ports which it's reasonable to exclude from your service offering. Generally email server to server (port 25) and the historically poorly secured MS Windows LAN ports (135-139, 445, and 1900). It's fair to tell these customers that (A) they don't want to use those ports and (B) if they do want to use those ports, buy the SOHO offering.

3. For low-dollar virtual server products it's not unreasonable to block the same ports by default and for the same reasons, as long as you're prepared to promptly remove the blocks upon request.

b) Should a Transit Provider block that Kind of traffic?
Preemptively? Never. If I found my business transit provider was doing this, I'd treat it as a breach of contract.

As for port 0 specifically, it doesn't really fit the attractive nuisance mold. It's about as harmless (or harmful) as any random TCP port. It doesn't particularly have a history of doing harm.

Regards,
Bill Herrin

--
William Herrin
bill@herrin.us
https://bill.herrin.us/