I'm all for it, Chuck.  IMHO:

Egress filtering by you should be standard.  If a packet is trying to leave
your router, but has a source that isn't from the inside of your network(s),
drop it.

I don't think that blocking those Microsoft ports below 1024 will affect
much traffic.  Is it really likely that someone is doing Microsoft style
file or print sharing (NetBIOS or port 445)?  Who would be doing NetBIOS
style name lookups?

I've looked after a large number of home and corporate workstations on the
Internet and my experience is that the services on these ports are never
needed on the Internet.

You can't block port 4444 because you don't really know that it's MSBlast.
You can certainly stop TFTP from crossing your router.  And you can
certainly stop probes to ports 135 and 445 from coming in, because you
expect workstation clients on the inside of your network, not servers,
right?

Andrew 8)
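The filtering policy discussed in this thread, as an added example that is not part of any poster's message: a small Python model of the border-router decisions (egress source check, TFTP, the Windows service ports, and leaving port 4444 alone). The prefixes are documentation ranges standing in for an ISP's customer space, and `Packet`, `is_inside`, `decide` and `run_samples` are hypothetical names chosen for illustration.

```python
import ipaddress
from typing import NamedTuple

# Assumption: the ISP's customer address space (documentation prefixes).
INSIDE_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]
# Windows service ports named in the thread: 135 (RPC), 137-139 (NetBIOS), 445.
WINDOWS_PORTS = {135, 137, 138, 139, 445}
TFTP_PORT = 69  # TFTP runs over UDP

class Packet(NamedTuple):
    direction: str  # "out" = leaving toward the Internet, "in" = arriving from it
    proto: str      # "tcp" or "udp"
    src: str
    dst: str
    dport: int

def is_inside(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INSIDE_NETS)

def decide(pkt: Packet) -> tuple:
    """Return (action, reason) for one packet crossing the border router."""
    # Egress filtering: a packet leaving must carry an inside source address.
    if pkt.direction == "out" and not is_inside(pkt.src):
        return ("drop", "egress source not inside")
    # TFTP is stopped from crossing the router in either direction.
    if pkt.proto == "udp" and pkt.dport == TFTP_PORT:
        return ("drop", "tftp")
    # Windows file/print/RPC ports are filtered both in and out.
    if pkt.dport in WINDOWS_PORTS:
        return ("drop", "windows service port")
    # Everything else passes, including port 4444: the port number alone
    # does not identify the traffic as MSBlast.
    return ("forward", "default")

# Constructed sample traffic; 192.0.2.0/24 stands in for the Internet.
SAMPLES = [
    Packet("out", "tcp", "203.0.113.10", "192.0.2.5", 80),    # normal web request
    Packet("out", "tcp", "10.9.9.9", "192.0.2.5", 80),        # spoofed source
    Packet("in", "tcp", "192.0.2.77", "203.0.113.10", 135),   # inbound RPC probe
    Packet("out", "udp", "203.0.113.10", "192.0.2.5", 69),    # TFTP crossing
    Packet("in", "tcp", "192.0.2.77", "198.51.100.4", 4444),  # not blocked by port
]

def run_samples() -> list:
    return [decide(p)[0] for p in SAMPLES]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "->", *decide(p))
```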

-----Original Message-----
From: Charles Frolick [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, August 13, 2003 12:11 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Test No Messages


I just finished getting all the latest updates, service packs and
patches on my servers last week (spent a couple days double checking and
catching what auto update doesn't show).  I believe they all had that
patch already, but could have been bad.  

I have been considering putting filters on all my access servers (I'm an
ISP) to kill anything in or out for the commonly exploited Windows
ports (135, 139, etc.) to protect my users, and the internet.  My
concern is that it might break some other type of functionality for
users. Anyone have any thoughts?

Thanks,
Chuck Frolick
ArgoNet, Inc.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of paul
Sent: Wednesday, August 13, 2003 2:25 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Test No Messages


> Too many people dealing with the msblast virus to complain about getting
> spam...  :)

Isn't THAT the truth........ sheesh.

And what's even funnier, is the # of machines I've cleaned that have HAD
the update sitting, waiting to be installed!!!! ARGH!

"What's updates ready to install mean?"

Paul


---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
