On Sun, 31 Aug 2003, Matthew Palmer wrote:
dodgy behaviour (spoofed source addresses, for one). Yes, port 135 is a known vector, and so is 4444 now, but they have their legitimate uses. If
OK, here's an alternative viewpoint.

We're an ISP. I'm blocking 135 and the other NetBIOS ports inbound on my clients' dial-up/DSL lines because if I didn't, the lines would be useless. Client-side firewalls are great, but by the time they can do anything the traffic is already over the line. It doesn't take much traffic at all to overload a dial-up, and every virus flare-up puts a noticeable impact on DSL lines.

I'll unblock for a client that asks. The only one who asked sheepishly asked for it to be put back less than an hour later. They couldn't do anything with the line.

It's all well and good to say how things 'should' be, but reality has a way of not caring how things should be.

==========================================================
Chris Candreva -- chris@westnet.com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/