On Sat, 20 Sep 2003, Justin Shore wrote:
Abosulutely. At least if the customer wants technical support or plans on paying for their bandwidth. It costs *more* resources for an ISP to *not* filter ports and it costs them *less* resources to filter known ports that are rarely used by Joe Blow average user but the cause of 99% of their
The majority of viruses still spread through port 25 and port 80. I've asked other providers about their experiences. Based on their experiences, the number of incidents for providers that filtered netbios was essentially the same as providers that didn't. It didn't significantly change the number of calls to their help desks over the long-term (e.g. 6 months) either. They were hit with the same number of drop-everything-all-hands-on-deck incidents. Microsoft Windows has more than enough vulnerabilities. Blocking a few ports doesn't change much. Deleting Outlook might help :-) I know how people working the help desk feel. But is this a case of "do something" rather than figuring out what the problem is. What data do people have to back up blocking specific ports. What were your control groups? With Trojan proxies appear on almost any port, blocking anything less than every port will be ineffective.