Cable Forum


Ramrod 11-06-2004 17:54

ntl blocking more worms
 
Quote:

Cable telco NTL is blocking more Internet ports to stop worms from spreading across its network. Last month it blocked port 135. Now it is blocking (inbound only): 137 (UDP), 138 (UDP), 139 (TCP), 445 (UDP & TCP), 593 (TCP), 1433 (TCP), 1434 (UDP) and 27374 (TCP).

"This 'port-blocking' should have little or no effect on your use of the Internet but it will significantly reduce the vulnerability to infection from variants of the Welchia and MSBlast worms," NTL explains in a notice to subscribers. Welchia and MSBlast are also known as Nachi and Blaster, respectively. NTL hopes to shepherd users with virus infection to special websites to help them clean their computer.

A recent study by network traffic management firm Sandvine estimates that computer worms such as Blaster will cost UK ISPs €22.4m this year. Although worms are usually associated with attacks on corporate networks, the malicious traffic also ties up service provider networks, degrading the broadband experience for home Internet users. Meanwhile, outbreaks of computer worms generate a huge upsurge in support calls to ISPs.

NTL's measures are a rational response, but the move will create problems for some home users who need to use Windows File and Print Sharing over the Internet or run applications like Exchange at home. This minor inconvenience is considered by NTL to be a price worth paying in the fight against worms. ®
link

Alan Waddington 11-06-2004 18:10

Re: ntl blocking more worms
 
I think they were blocking those before, except 593 which is a new one on me. I'd really rather they didn't block ports above 1024 though.

MetaWraith 11-06-2004 18:16

Re: ntl blocking more worms
 
The announcement notice is at
http://www.ntlworld.com/tunnel.php?task=portBlocking

dr wadd 11-06-2004 18:36

Re: ntl blocking more worms
 
Quote:

Originally Posted by Alan Waddington
I think they were blocking those before, except 593 which is a new one on me. I'd really rather they didn't block ports above 1024 though.

It does seem pretty stupid to introduce "protection" that can generate page not found errors.

Are NTL going to actively inform customers of this change?

altis 11-06-2004 18:51

Re: ntl blocking more worms
 
As previously announced in this thread:
http://www.cableforum.co.uk/board/showthread.php?t=3427

Paul 11-06-2004 19:36

Re: ntl blocking more worms
 
Quote:

Originally Posted by dr wadd
It does seem pretty stupid to introduce "protection" that can generate page not found errors.

Are NTL going to actively inform customers of this change?

There is nothing new in that list - it is the same ports they have always been blocking. :)

andrew_wallasey 12-06-2004 10:40

Re: ntl blocking more worms
 
Quote:

Originally Posted by dr wadd
It does seem pretty stupid to introduce "protection" that can generate page not found errors.

Are NTL going to actively inform customers of this change?

Why would they?

It would go straight over 99.9999999% of most users' heads and involve a lot of people phoning up c/s confused about the letter.

Stuart 12-06-2004 14:26

Re: ntl blocking more worms
 
Quote:

Originally Posted by dr wadd
It does seem pretty stupid to introduce "protection" that can generate page not found errors.

Are NTL going to actively inform customers of this change?

Which would you rather have? A few page not found errors or potentially thousands more PCs infected by viruses because their owners haven't bothered to patch them? At least with the most common ports blocked (which NTL have done), then there is less chance of infection.

Matth 12-06-2004 14:48

Re: ntl blocking more worms
 
If they were TRUE inbound connection blocks, they would have no effect on web pages - if they could implement them that way, there's a sizeable shopping list of ports I'd like to see added.

2745, 5000, 5554, 6129, 9898 - and possibly 1025-1029
In other words, most of the pollution that's currently around - probably less than the junk they're already blocking - my firewall logs got a hell of a lot shorter when they did that!

Paul 12-06-2004 17:23

Re: ntl blocking more worms
 
Quote:

Originally Posted by Matth
If they were TRUE inbound connection blocks, they would have no effect on web pages - if they could implement them that way, there's a sizeable shopping list of ports I'd like to see added.

2745, 5000, 5554, 6129, 9898 - and possibly 1025-1029
In other words, most of the pollution that's currently around - probably less than the junk they're already blocking - my firewall logs got a hell of a lot shorter when they did that!

They are true inbound syn blocks.

As it's the CMs that are doing the blocking, there may be a limit to how many they can do. It's also somewhat pointless as nothing on your machine should be listening on those ports anyway (which is also the case for port tcp 27374).
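
An added example, not part of the thread or of NTL's configuration: a Python sketch of the distinction discussed above between a rule that drops every inbound packet addressed to a listed port and a "true inbound SYN block". The packet model, function names and sample packets are constructed for illustration; port 135 is left out because the quoted notice gives no protocol for it.

```python
from dataclasses import dataclass

# Inbound block list from the notice quoted in the first post.
BLOCKED = {"tcp": {139, 445, 593, 1433, 27374},
           "udp": {137, 138, 445, 1434}}

@dataclass(frozen=True)
class Packet:               # hypothetical minimal packet model
    label: str
    proto: str              # "tcp" or "udp"
    inbound: bool           # True = Internet -> customer
    dst_port: int
    syn: bool = False
    ack: bool = False

def listed(p):
    return p.inbound and p.dst_port in BLOCKED.get(p.proto, set())

def port_only_allows(p):
    """Naive rule: drop every inbound packet addressed to a listed port."""
    return not listed(p)

def syn_block_allows(p):
    """Drop only new inbound TCP connections (SYN set, ACK clear)."""
    if not listed(p):
        return True
    if p.proto == "tcp":
        return not (p.syn and not p.ack)
    return False  # UDP has no handshake, so a stateless rule can only match the port

# Constructed sample traffic. 1433 sits in the 1025-5000 range that
# Windows stacks of the period used as source ports for outgoing connections.
SAMPLES = [
    Packet("unsolicited connect to 445", "tcp", True, 445, syn=True),
    Packet("web server SYN-ACK to client port 1433", "tcp", True, 1433, syn=True, ack=True),
    Packet("web page data to client port 1433", "tcp", True, 1433, ack=True),
    Packet("unsolicited datagram to 1434", "udp", True, 1434),
    Packet("DNS reply to client port 1434", "udp", True, 1434),
    Packet("customer connects out to 445", "tcp", False, 445, syn=True),
]

def compare(packets=SAMPLES):
    """Return (label, allowed_by_port_only, allowed_by_syn_block) per packet."""
    return [(p.label, port_only_allows(p), syn_block_allows(p)) for p in packets]

if __name__ == "__main__":
    for label, naive, syn in compare():
        print(f"{label:42} port-only={'pass' if naive else 'DROP'}  syn-block={'pass' if syn else 'DROP'}")
```

The two TCP reply rows are the "page not found" case: only the port-only rule drops them. The UDP rows show where a stateless rule cannot tell a reply from an unsolicited datagram.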

nate 14-06-2004 14:08

Re: ntl blocking more worms
 
Quote:

Originally Posted by Pem
They are true inbound syn blocks.

As it's the CMs that are doing the blocking, there may be a limit to how many they can do. It's also somewhat pointless as nothing on your machine should be listening on those ports anyway (which is also the case for port tcp 27374).

AFAIK it's not the CMs doing the blocking, as the same ports are blocked on dialup too; new ports will be blocked as and when needed.

quadplay 14-06-2004 14:26

Re: ntl blocking more worms
 
For broadband customers, the blocking is done by the CM or STB. For narrowband customers, it's done elsewhere.

