wirelessdog
join:2008-07-15
Queen Anne, MD

wirelessdog to sammysparrow

Member

Re: to block ports or not to block ports

There is a script I run on Mikrotik so that if too many messages are sent out on port 25 in a 24-hour period, their IP is blacklisted from using port 25.

Beyond that, I don't block any ports to end users, and that is how it should be IMHO. We are ISPs, not firewall providers.

sammysparrow
@213.175.144.x

Anon

@ wirelessdog

And that hits the nail on the head..... "We are ISPs, not firewall providers."

That's EXACTLY where we are headed ....firewall providers.... We see so much rubbish and so many nefarious connections being established and maintained from outside to the end users' modems that it's becoming more and more apparent to us that we need to take control of this...not because we are control freaks or want more work, but simply because it DOES become our problem when the client has "issues" on their end. You could argue that as ISPs it's not our problem, but a customer is precious to us, and if the customer has a problem, we have a problem.

We bought a high-end Deep Packet Inspection server (a bit over 40K's worth) and it's simply amazing to see the connections being established and maintained - some of the stuff we have been able to spot and deal with that was previously going under the radar is over the top. But....it's one thing to see it and report on it and totally another to actually do something about it. Hence the discussion.

Totally agree on port 22 being a hazard. It is. We see a LOT of connections coming in on 22 from China. A lot. It's actually quite alarming how many connections are coming in from China these days. Also, 23 needs to be bolted down tight. The Chinese love ports 22 and 23.

Anyway, good insights, thanks for the discussion.
raytaylor
join:2009-07-28

raytaylor to wirelessdog

Member

said by wirelessdog:

There is a script I run on Mikrotik so that if too many messages are sent out on port 25 in a 24-hour period, their IP is blacklisted from using port 25.

Beyond that, I don't block any ports to end users, and that is how it should be IMHO. We are ISPs, not firewall providers.

I am not sure about the Mikrotik stuff.
By blocking outgoing port 25, if the subscriber's email provider won't give them a secure SMTP service, then the subscriber must use our SMTP server on port 25.

Each IP address within our network can relay out through it, but is limited to 15 outgoing messages per hour unless they log in.
That's basically how I manage it.
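Both mechanisms described in this thread (wirelessdog's per-IP port-25 blacklist after too many messages in a 24-hour period, and raytaylor's 15-per-hour relay limit that authenticated senders bypass) come down to the same core: a per-source sliding-window counter with an exemption for logged-in users. The Python below is an added illustration of that logic, not a script from either poster and not RouterOS code; the firewall log format, field names (`src`, `dport`, `auth`) and sample addresses are constructed for the example, and the thresholds are parameters rather than either ISP's actual values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample firewall log (not taken from the thread). Each line records
# one outbound TCP connection from a subscriber address; only dport=25 lines
# count toward the limit, and auth=yes marks an authenticated (logged-in) sender.
SAMPLE_LOG = """\
2024-01-01T10:00:00 src=10.0.0.5 dport=25
2024-01-01T10:05:00 src=10.0.0.5 dport=25
2024-01-01T10:10:00 src=10.0.0.5 dport=25
2024-01-01T10:12:00 src=10.0.0.5 dport=25
2024-01-01T10:30:00 src=10.0.0.5 dport=25
2024-01-01T10:00:00 src=10.0.0.9 dport=25
2024-01-01T11:30:00 src=10.0.0.9 dport=25
2024-01-01T13:00:00 src=10.0.0.9 dport=25
2024-01-01T14:30:00 src=10.0.0.9 dport=25
2024-01-01T10:01:00 src=10.0.0.7 dport=443
2024-01-01T10:02:00 src=10.0.0.11 dport=25 auth=yes
2024-01-01T10:03:00 src=10.0.0.11 dport=25 auth=yes
2024-01-01T10:04:00 src=10.0.0.11 dport=25 auth=yes
2024-01-01T10:05:00 src=10.0.0.11 dport=25 auth=yes
"""

# Assumed log layout: ISO timestamp, source address, destination port, optional auth flag.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dport=(?P<dport>\d+)(?: auth=(?P<auth>\S+))?$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dport": int(m["dport"]),
        "auth": m["auth"] == "yes",
    }


class SmtpRateLimiter:
    """Per-source sliding-window counter for outbound port-25 connections.

    A source that exceeds `limit` connections inside any `window` is added to
    the blocklist; its later port-25 connections are then dropped.  Authenticated
    senders and traffic to other ports are never counted.
    """

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.recent = defaultdict(deque)  # src -> timestamps inside the window
        self.blocked = {}                 # src -> time it was blocklisted

    def observe(self, event):
        ts, src = event["ts"], event["src"]
        if event["dport"] != 25 or event["auth"]:
            return "allow"
        if src in self.blocked:
            return "drop"
        q = self.recent[src]
        q.append(ts)
        # Evict timestamps that have aged out of the window.
        while q and q[0] <= ts - self.window:
            q.popleft()
        if len(q) > self.limit:
            self.blocked[src] = ts
            return "block"
        return "allow"


def evaluate(log_text, limit, window_hours):
    """Replay a log in time order; return ({src: block time ISO string}, [(src, decision)])."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])  # stable, so same-second lines keep file order
    limiter = SmtpRateLimiter(limit, timedelta(hours=window_hours))
    decisions = [(e["src"], limiter.observe(e)) for e in events]
    blocked = {src: ts.isoformat() for src, ts in limiter.blocked.items()}
    return blocked, decisions


if __name__ == "__main__":
    for hours in (1, 24):
        blocked, _ = evaluate(SAMPLE_LOG, limit=3, window_hours=hours)
        print(f"limit=3 per {hours}h -> blocklisted: {blocked}")
```

With a one-hour window, only 10.0.0.5 is blocklisted (four connections in twelve minutes); with a 24-hour window, 10.0.0.9's four connections spread over the day also trip the limit, while 10.0.0.11 is exempt because its sessions are authenticated. Replaying the same log under both windows is a useful way to sanity-check a threshold before turning it into a live firewall rule, since a window that is too long catches legitimate low-volume senders and one that is too short lets a slow spam run through.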