Merged - Port blocking

[Fawkes]

Quote:

Originally Posted by zovat

Just a point - according to the port block list on NTLs website - port 135 is NOT being blocked -




Am I misreading this or is this the case ?

Your misreading:

Quote:

Following last month's decision to block 'port 135', ntl:home is blocking more Internet ports to reduce the threat of the new virulent worms that may use these ports to spread across the Internet.

This "port-blocking" should have little or no effect on your use of the Internet but it will significantly reduce the vulnerability to infection from variants of the Welchia and MSBlast worms.

The ports being blocked (inbound only, to stop infections) are: 137 (UDP), 138 (UDP), 139 (TCP), 445 (UDP & TCP), 593 (TCP), 1433 (TCP), 1434 (UDP), 27374 (TCP)

Taken from here.

[iadom]

Quote:

Originally Posted by zovat

Just a point - according to the port block list on NTLs website - port 135 is NOT being blocked -




Am I misreading this or is this the case ?

According to this thread and also from recent experience, this was the first port that Ntl blocked followed soon after by the ones in the list. I think that page on the Ntl website is a list of the other ports they decided to block as well.
As I mentioned I have had absolutely no 135 scans since they started blocking until this morning, now they are flooding in just as before blocking.

http://forum.nthellworld.co.uk/showt...light=Port+135

EDIT, Thanks Fawkes, was just about to post that link but you saved me the trouble. I just find it weird that no one else in the N/West has reported anything similar yet, but the night is young.
As you can see from attached jpeg, I am also getting 139 & 445 scans as well, even though these are supposed to be blocked.

[zovat]

Quote:

Originally Posted by Fawkes

Your misreading:



Taken from here.

cheers for that - I missed the first bit - sorry

I can confirm that nothing is getting to me on port 135.

[iadom]

I'm not surprised, they are all attacking me. Over 600 hits in the past 5 hours, ports 135/139/445 mainly, and these are supposed to be blocked.

I am going to shut down now and see what tomorrow brings.

[utt]

Quote:

Originally Posted by iadom

I'm not surprised, they are all attacking me. Over 600 hits in the past 5 hours, ports 135/139/445 mainly, and these are supposed to be blocked.

I am going to shut down now and see what tomorrow brings.

iadom...
Please check with Neil who I am, and then please pm me your details, we would like to investigate why you are getting these hits on your firewall.

Thanks
UTT

[Stuartbe]

Hi All.

I know that you are not suposed to run your own mail servers on a broadband connection with NTL but many people do. I do as I simply can not rely on NTL'S poor mail servers (when they are actualy up that is ! )

I am now finding that a large number of mail servers are rejecting mail from dynamic ip's that are sent directly. I can understand why they are doing this as there must be a huge number or servers that are completely insecure or set up as open relays. This is purely down to ignorant people that simply slap on a mail server package with no knowlege of how to secure it. These users should have there cable modems inserted where the sun doesn't shine as they are giving people that do run proper mail servers a bad rep. There sulution to this is to use the NTL smtp as a smart host !!!!!! :-( NOT GOOD !!!

There are users out there that do know what they are doing and dont pose a risk as open relays or spam portals. If you are a small company like we are a leased line is out of the question.

Looks like the average home or small company has no choice but to rely on there ISP'S mail servers even though they are often unstable and usualy a bigger relay of spam than most home servers.

Does any one know if NTL have multiple mail servers in diferent parts of the U.K. or do they just have the one ?

[darkangel]

Quote:

Originally Posted by stuartbe

Hi All.

I know that you are not suposed to run your own mail servers on a broadband connection with NTL but many people do. I do as I simply can not rely on NTL'S poor mail servers (when they are actualy up that is ! )

I am now finding that a large number of mail servers are rejecting mail from dynamic ip's that are sent directly. I can understand why they are doing this as there must be a huge number or servers that are completely insecure or set up as open relays. This is purely down to ignorant people that simply slap on a mail server package with no knowlege of how to secure it. These users should have there cable modems inserted where the sun doesn't shine as they are giving people that do run proper mail servers a bad rep. There sulution to this is to use the NTL smtp as a smart host !!!!!! :-( NOT GOOD !!!

There are users out there that do know what they are doing and dont pose a risk as open relays or spam portals. If you are a small company like we are a leased line is out of the question.

Looks like the average home or small company has no choice but to rely on there ISP'S mail servers even though they are often unstable and usualy a bigger relay of spam than most home servers.

Does any one know if NTL have multiple mail servers in diferent parts of the U.K. or do they just have the one ?

never had any problems with ntl's e-mail but are u saying that u are using the residential service for your business? surely there are plenty of private e-mail providers that will give u guaranteed service

[Stuartbe]

Im self employed so a business connection is simply out of my budget. I need web mail access to the server and I also need to send digitaly sig. mail out.

[iadom]

Will do ,thanks for that. Have just booted up and the firewall was hit within seconds.

jim.

[th'engineer]

Quote:

Originally Posted by iadom

Will do ,thanks for that. Have just booted up and the firewall was hit within seconds.

jim.

Jim get that router you promised yourself for xmas it will stop them

[iadom]

Quote:

Originally Posted by th'engineer

Jim get that router you promised yourself for xmas it will stop them

Thanks Steve, I should have put a request in the Christmas presents thread.
Strange why I have just suddenly started to get these,

PS, my memory is a bit vague this morning, I was out on my first call at 7.30 and it was b***** cold. How do I obtain my MAC address.

EDIT: Cancel that ,good old Robin Walker pages, I knew I had seen MAC info somewhere.

[cliveb]

Quote:

Originally Posted by stuartbe

There are users out there that do know what they are doing and dont pose a risk as open relays or spam portals. If you are a small company like we are a leased line is out of the question.

There is a very good reason why mail sent direct from a dynamic IP can't be trusted. Although at the moment, that dynamic IP happens to belong to you, and you can be trusted, tomorrow that IP might be handed out to someone else who is running an open relay. (I know IP addresses in NTL tend to stick around, but they *can* change - mine did a couple of weeks ago after a hardware "upgrade" at NTL's end).

I agree with you that NTL's SMTP servers can't be trusted (nor can their POP3 servers for that matter), so the only real solution is to buy email services from a reliable third party. I happen to use UK Web Solutions Direct, who have been very reliable (20 quid a year for POP3, SMTP, webmail, and 100MB of web space), but I'm sure there are plenty of other suitable providers.

[th'engineer]

Quote:

Originally Posted by iadom

Thanks Steve, I should have put a request in the Christmas presents thread.
Strange why I have just suddenly started to get these,

PS, my memory is a bit vague this morning, I was out on my first call at 7.30 and it was b***** cold. How do I obtain my MAC address.

EDIT: Cancel that ,good old Robin Walker pages, I knew I had seen MAC info somewhere.

IPconfig/all or winipcfg from run dependant on OS

[iadom]

For attention of utt.


Here is the screen grab you requested from first bootup this morning. Still flooding in, over 400 today up to now.

Jim.