IMHO, If it's for my own network, yes. Block it. If you are ISP'ing for it, you shouldn't need netbios related stuff on your own servers and they should be protected anyway. However, it should be passed along to your customers in case they are foolish enough to have to expose MS related services anyway. Chris Johnston 714-306-5746 949-653-8819 (fax) Cannot find REALITY.SYS. Universe halted. ------------------------------------------------------------------- -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Adi Linden Sent: Friday, August 01, 2003 11:37 AM To: nanog@merit.edu Subject: Blocking port 135? http://www.cert.org/advisories/CA-2003-19.html Would blocking port 135 at the network edge be a prudent preventative measure?