What ports do you block?
Reasons For Filtering Ports

Protecting our customers

Certain ports are filtered to protect our customers. Filtering lets us protect against certain common worms
and against dangerous services on our customers' computers that could allow intruders access.
The need to protect our Static IP customers from these worms and dangerous services is
unfortunately a necessary evil. If you have been accessing file shares through these dangerous services,
we strongly recommend that you use a more secure, safer, and
less vulnerable procedure for this in the future.
Protecting upstream bandwidth

Cable

Upstream bandwidth to a cable plant is limited. If customers overuse their upstream bandwidth
by running high-traffic servers or by becoming infected with a worm or virus,
it can degrade the service of other customers on that node.

Non-Cable

Since upstream bandwidth is normally a fraction of the speed available for download,
running those same servers or being infected can cause just as much degradation to your service
even when you are not on a cable-based broadband system.
Protecting the rest of the Internet

Some filters prevent our customers from attacking other computers on the Internet.
In addition to being in the best interest of our users' security and accessibility,
it is our responsibility to prevent abuse of our network.

| Port       | Transport | Protocol      | Direction | Service Type | Reason for Filtering          |
|------------|-----------|---------------|-----------|--------------|-------------------------------|
| 20, 21     | TCP       | FTP           | Inbound   | Dynamic      | FTP servers                   |
| 25         | TCP       | SMTP          | Both*     | Dynamic      | SMTP Relays                   |
| 80, 443    | TCP       | HTTP(S)       | Inbound   | Dynamic      | Web servers, worms            |
| 110, 143   | TCP       | POP, IMAP     | Inbound   | Dynamic      | SMTP Relays                   |
| 135        | UDP       | NetBIOS       | Both      | All          | Net Send Spam/Pop-ups, Worms  |
| 136-139    | UDP, TCP  | NetBIOS       | Both      | All          | Worms, Network Neighborhood   |
| 445        | TCP       | MS-DS/NetBIOS | Both      | All          | Worms, Network Neighborhood   |
| 1025-1030  | TCP       | MS-DCOM       | Inbound   | All          | RPC and LSA exploits          |
| 1026-1027  | UDP       | MS-DCOM       | Inbound   | All          | RPC and LSA exploits          |
| 1433       | TCP       | MS-SQL        | Both      | Dynamic      | Worms, Trojans                |
| 1434       | UDP       | MS-SQL        | Both      | Dynamic      | Worms, Slammer                |
| 1900, 5000 | UDP, TCP  | MS-DS/NetBIOS | Both      | Dynamic      | Worms, Network Neighborhood   |
| 4444       | TCP       | MS-DCOM       | Both      | All          | W32.Blaster and other DCOM    |
| 4899       | TCP       | Radmin        | Both      | Dynamic      | Remote Administration tool    |
| 6129       | TCP       | Dameware      | Both      | Dynamic      | Remote Administration tool    |
| 27374      | TCP       | SubSeven      | Both      | Dynamic      | SubSeven Trojan               |
| 31337      | TCP       | Back Orifice  | Both      | Dynamic      | BackOrifice Trojan            |
*SMTP is only permitted outbound to GVTC-provided SMTP servers
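The filter table above, written out as data with a check for whether a given flow would be dropped. This is an added example, not GVTC's own filter configuration; it assumes (the page does not define this) that "Service Type" is the customer class a rule applies to (Dynamic = dynamic-IP customers only, All = every customer), and the provider SMTP server address is a constructed placeholder.

```python
# Added example (not GVTC's code): the ISP port-filter table as data, plus a
# lookup that applies direction, customer class and the SMTP footnote.
# Assumption not stated on the page: "Service Type" is the customer class the
# rule applies to (Dynamic = dynamic-IP customers only, All = every customer).
GVTC_SMTP_SERVERS = {"198.51.100.25"}  # constructed placeholder address

# (ports, transports, direction, service_type), transcribed row by row
FILTERS = [
    ((20, 21), ("tcp",), "inbound", "dynamic"),
    ((25,), ("tcp",), "both", "dynamic"),  # footnote: outbound to GVTC is OK
    ((80, 443), ("tcp",), "inbound", "dynamic"),
    ((110, 143), ("tcp",), "inbound", "dynamic"),
    ((135,), ("udp",), "both", "all"),
    (range(136, 140), ("udp", "tcp"), "both", "all"),
    ((445,), ("tcp",), "both", "all"),
    (range(1025, 1031), ("tcp",), "inbound", "all"),
    (range(1026, 1028), ("udp",), "inbound", "all"),
    ((1433,), ("tcp",), "both", "dynamic"),
    ((1434,), ("udp",), "both", "dynamic"),
    ((1900, 5000), ("udp", "tcp"), "both", "dynamic"),
    ((4444,), ("tcp",), "both", "all"),
    ((4899,), ("tcp",), "both", "dynamic"),
    ((6129,), ("tcp",), "both", "dynamic"),
    ((27374,), ("tcp",), "both", "dynamic"),
    ((31337,), ("tcp",), "both", "dynamic"),
]


def is_filtered(port, transport, direction, static_ip=False, dst_ip=None):
    """True if a flow on port/transport would be dropped by the ISP filter.

    direction is "inbound" (towards the customer) or "outbound" (from them).
    "both" rules match either direction; "dynamic" rules are skipped for
    static-IP customers; outbound SMTP to the provider's servers is allowed.
    """
    transport = transport.lower()
    for ports, transports, rule_dir, service in FILTERS:
        if port not in ports or transport not in transports:
            continue
        if service == "dynamic" and static_ip:
            continue
        if rule_dir != "both" and rule_dir != direction:
            continue
        if port == 25 and direction == "outbound" and dst_ip in GVTC_SMTP_SERVERS:
            return False
        return True
    return False


def reachable_inbound(listeners, static_ip=False):
    """Of the (port, transport) pairs a host listens on, return those still reachable."""
    return [(p, t) for p, t in listeners if not is_filtered(p, t, "inbound", static_ip)]
```

Feeding the output of a local listening-socket listing into reachable_inbound shows which services the ISP filter does not shield, which is the list worth reviewing before relying on the upstream filter.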

Detailed Explanations Of Filtered Ports

20-21/TCP - FTP

FTP clients use the File Transfer Protocol (FTP) to communicate with FTP
servers. These ports are filtered primarily to protect bandwidth by preventing customers from
running high-traffic file servers.

25/TCP - SMTP

Mail servers use the Simple Mail Transfer Protocol (SMTP) to exchange email. We block
this port to protect upstream bandwidth and to prevent customers from
running open relays that could be used by others to send
spam via our network.

80/TCP - HTTP
443/TCP - HTTPS

Web browsers use the Hypertext Transfer Protocol (HTTP) to communicate with web
servers, and HTTPS to access secured web servers. In addition to protecting
bandwidth by preventing customers from running high-traffic web servers,
filtering these ports stops many destructive worms that spread through security holes in
web server software.

135,137/UDP,
135,139/TCP,
445/TCP,
4444/TCP - MS-DS / NetBIOS

NetBIOS (also known as Server Message Block, LanManager, and Common Internet File System)
is a networked file sharing protocol. The Microsoft "Network Neighborhood" runs over
NetBIOS. We filter these ports to protect customers from exposing files on their computers, and to
block worms which spread through open file shares. The latest addition to this series,
a consolidated service port (TCP 445), has also opened new, similar security risks in Win2K
and WinXP.

1025-1030/TCP,
1026-1027/UDP - MS-DCOM

Microsoft DCOM is a service that allows software to communicate directly over the network.
These ports are filtered to prevent exploitation of MS-DCOM vulnerabilities and the propagation of
worms that use such exploits.

1433/TCP,
1434/UDP - MS-SQL

Microsoft SQL Server is a database application with a long history of security
exploits, and is noted for the propagation of the SQL Slammer worm.
These ports are filtered to prevent exploitation of MS-SQL vulnerabilities and the propagation of
worms that use such exploits.

1900/UDP,
5000/TCP - UPnP

UPnP discovery (SSDP) is a service that runs by default on WinXP. It creates an immediately
exploitable security vulnerability for any network. Filtering these
ports proactively prevents XP systems from being remotely compromised by
malicious worms or intruders.

4899/TCP - Radmin

Radmin is a very fast, very powerful remote administration server available
on Win95 and above. This software gives the user the ability to remotely monitor,
control and transfer files to and from a remote client via a password-protected,
encrypted TCP connection. Options include remote Telnet (on WinNT and above) and
fast, encrypted Explorer-like file transfers. However, if you are using password
authentication only, a remote user only has to find an open TCP port 4899 and
guess one word: your password.

6129/TCP - Dameware

There is a vulnerability in older versions of Dameware which can allow
unauthorized login and hence unauthorized use of Dameware for remote
administration of a computer. Dameware has also been installed by some viruses for
the purpose of remote administration of the infected system.
Outbound scans, if occurring in volume, should be considered an indication of
a possible infection or compromise on the source computer and should be
investigated immediately.

27374/TCP - SubSeven
31337/TCP - BackOrifice

SubSeven and BackOrifice are common "Trojan Horse" viruses. When installed on a
victim's computer, they allow an attacker to remotely control it over the
Internet. Either can be configured to run on any port, but blocking
ports 27374 and 31337 provides some protection and prevents our customers from attacking
others on the default ports.