Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

blocking: What, How, Where

  • From: Peter Dambier
  • Date: Tue Aug 16 06:42:49 2005

Well,

I guess blocking is a good idea. That is why censoring was invented in the
first place.

Blocking port 25, Simple Mail Transfer,
makes sense. If nobody can send emails then nobody can send spam. Ok let us
block port 25 provocatively. :)

Blocking port 137, NETBIOS Name Service,
ok I am running linux. I dont need NETBIOS. I think it makes sense keeping
windows out of the internet. Without windows there is no spam, no virus,
no worm. Yes, let us block.

Blocking port 138, NETBIOS Datagram Service,
see above. Block it!

Blocking port 139, NETBIOS Session Service,
see above. Who needs windows? It is a security risk in the first place.

Blocking port 445, Microsoft-DS,
if it is from Microsoft it is always good blocking it.


I have forgotten port 80, World Wide Web HTTP, and port 53, Domain Name
Server. I know for shure windows does use them. Lets block them! Without
poisoned homepages you cannot be tricked to download vermin in the
first place. So it is a very good idea to block port 80.

Without DNS viruses might have difficulties finding their seed servers.
Yes it is a MUST. We absolutely must block port 53 :)

Firewall rules
==============

They are poison!

Every rules takes time to process. Every rules makes router, your firewall
your whateveryoulike crawl more slowly.

Why not block port 1 right through port 1023? There is no reason why
anybody but a hacker might need them.

Where to block?
===============

After seeing what to block we need to find the right place where to
block.

ISPs and carriers and, ..., live from selling the complete internet.
They get money for what they dont block. There is no reason why they
should block anything.

Me? I am running linux mostly. I do use port 137 for ssh - only fools
do use port 22. Ever seen you could download Cassels Dictionary  plus
the Bible by simply listening to port 137? So please dont block
port 137 for me. And please dont block port 138 - I need it for
ftp from some not so secure machines running Phyton :)

Windows users?

Oh yes - we have found it! Just unpluck every windows pc and we will
have no more reason for blocking anything.

If you really want your windows pc to peek into the internet use
a firewall. Use a HARDWARE firewall and best block all ports from 1
to 1023. You never know :)

In germany we have the fastest higways of he world and we drive the
fastest cars. We need to drive fast because of the many holes in the
streets, to glide over them. But in our cities we are not allowed to
drive fast because the streets have become a childrens playground.

The internet has become a childrens playground too. It does not make
sense to develop faster and faster internet access. 4800 baud is too
fast for children. Let us get back to 110 and best only allow machines
with paper output and punched tape copy for everything to have a
proof for the judge - in case they need it against us.

Have a nice weekend - Oh, sorry I did not think we only had tuesday!
Peter and Karin Dambier

--
Peter and Karin Dambier
Public-Root
Graeffstrasse 14
D-64646 Heppenheim
+49-6252-671788 (Telekom)
+49-179-108-3978 (O2 Genion)
+49-6252-750308 (VoIP: sipgate.de)
+1-360-448-1275 (VoIP: freeworldialup.com)
mail: peter@peter-dambier.de
http://iason.site.voila.fr
http://www.kokoom.com/iason





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.