CCCMTech
Premium,VIP,MVM
join:2002-05-17
Pound, VA
|  New Port blocks going into place, please read!!
All,
Starting today, at 9:00 AM EST and moving westward, we are going to be blocking port 135 in all regions. This block will be permanent. For those users who have legit reasons to have port 135 open, you can call into our tech support, 877 722-3755, or IM me with your number. You can even post your case number if you don't want to register. I will add a note saying you want to opt out of the port block. For all customers who do not need this, or don't care, this will permanently block your port 135. You can call in at a later time to change this. Also note that just by calling we are not going to unblock you that instant, in fact there isn't currently an ETA as to when we will. But you will be unblocked soon. To reiterate, those who need access to port 135 please call or IM support and let us know.
If you have any questions or comments regarding this, please keep them all here.
Thanks,
Rick.
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
bledsoe2coates
join:2001-04-27
Chicago, IL | I am experiencing a slowdown this morning. I usually get 1280 kbps for over 1 yr, and this morning it is anything from 5 to 200 kbps.
Could the blocking or virus activity be causing the slowdown, or I am having a DSL issue? |
|
mowogg
join:2003-09-03
San Gabriel, CA |  reply to CCCMTech
Re: New Port blocks going into place, please read!
CCCMTech,
What goes in or out of port 135?
I doubt I need it open, but I don't know what it does.
Thanks!
Rob |
|
CCCMTech
Premium,VIP,MVM
join:2002-05-17
Pound, VA
| reply to bledsoe2coates
Re: New Port blocks going into place, please read!!
Probably a virus causing that, I would run the following scan, »vil.nai.com/vil/stinger/ , then start a thread if your still having issues.
This Port block should only affect users trying to connect DIRECTLY to an exchange server without a tunnel or people using the RPC feature for legitimate reasons.
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
tonydi
Premium,MVM
join:2001-05-11
San Jose, CA
| Does this mean that we'll still see port 135 scans from SBC customers on the same subnet? I wouldn't think so but looking at my logs I just got one about 20 mins ago. It's the only 135 entry in the entire log, a log that's usually completely filled with 135 scans. |
|
CCCMTech
Premium,VIP,MVM
join:2002-05-17
Pound, VA
| Port 135 is usually only used for Microsoft Exchange server hosted remotely (of course this won't affect your LAN exchange) Unless you use RPC or an Exchange server at another location this won't affect you.
As far as the same Redback issue, I am not sure. I will get clarification and let you know.
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
cbrigante2
Cubs 20??
Premium
join:2002-11-22
North Aurora, IL | reply to CCCMTech
I have a computer that uses Outlook Express to get email off a SBCglobal mail account. Is this port block what is keeping me from getting my mail in Outlook Express? |
|
RadioDoc
58ef2c0
Premium,ExMod 2000-03
join:2000-05-11
 ·AT&T Midwest
| reply to CCCMTech
I'm really hoping that there is a general announcement about this going out to all SBC DSL subscribers and you folks are not relying on posting this here at this site. Is this going onto the sbc.yahoo.com and other SBC ISP start pages too? If not, that's where it belongs...in big red letters at the top.
While I applaud the effort, port blocking is the coward's way out. What happened to cutting off infected customers? Too politically hot? Once SBC gets used to the idea of blocking ports, they certainly will not stop with just this one...  |
|
RadioDoc
58ef2c0
Premium,ExMod 2000-03
join:2000-05-11
·AT&T Midwest
| reply to cbrigante2
said by cbrigante2  :
I have a computer that uses Outlook Express to get email off a SBCglobal mail account. Is this port block what is keeping me from getting my mail in Outlook Express?
This has no effect on anyone using normal POP3 email. Unless you are using RPC with Exchange (highly unlikely) you won't notice a difference. |
|
devrandom
I got a pot, full of random stuff here
Premium
join:2003-06-28
| reply to CCCMTech
Re: New Port blocks going into place, please read!
Too bad SBC resorted to blocking the whole thing. I guess its for the best. Who needs 135 anyway, its not as critical as 80 or 22 for me 
I liked SBC's way of dealing with infected customers before. It made for a more conscience community in terms of security. Who cares about politically hot..
(Not that i'm running any services, but hey..we all know that we need those ports once in a while )
I've actually been seeing many a dump of scans on my Linux box and lots of ICMP traffic (from presumed infected machines) scanning both my IP and prolly my rback..
--
Catch me if you can! I'm helping out somewhere! -- Pentium? Yes I know what that is..but can you smoke it?
[text was edited by author 2003-09-12 14:46:31] |
|
sentania
join:2003-06-03
Milwaukee, WI | I agree I would much rather see SBC just cut off infected PC's until they fix the problem.
If you were on a school campus network or a corporate network. If you are infected you fix the problem or pull the plug... |
|
CCCMTech
Premium,VIP,MVM
join:2002-05-17
Pound, VA
| As I said you can opt out of the port block if you wish. All it takes is a 5 minute call to support or an IM to me.
RadioDoc, yes this is a general announcement. This will soon be on »www.sbc.com and on the »sbc.yahoo.com home page.
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
lonebandit
join:2001-12-01
Oak Creek, WI
 ·AT&T U-Verse
| All traffic on port 135 stopped here at 10:41 central time.
Now if we could get rid of ALL the NetBIOS traffic - it would be great.
I still dont support port blocking and would have preferred SBC deal with this like other ISPs (block account access - forcing calls to TS).
But it still is an effort nonetheless.
Thanks.
Jeff
Milwaukee |
|
devrandom
I got a pot, full of random stuff here
Premium
join:2003-06-28
| reply to CCCMTech
I wanted to know..are you guys going to continue to snap people off the RADIUS server because of excess 135 traffic? Or is that going away forever after this system is implemented?
I don't see in a way of 'traffic going to and from' but rather users trying to send out traffic on port 135. Are you guys still going to stick to the same policy?
--
Catch me if you can! I'm helping out somewhere! -- Pentium? Yes I know what that is..but can you smoke it?
[text was edited by author 2003-09-12 16:38:01] |
|
CCCMTech
Premium,VIP,MVM
join:2002-05-17
Pound, VA
| This is a block on all port 135 traffic. Even customers on the same Redback will not be able to probe each other on 135. Once customers have requested to be unblocked they can send and receive port 135. If they need to communicate with someone also in SBCIS they will need to make sure they call as well to let us know to unblock the port.
The RADIUS server system will probably still stand. We tried the "force customers to call and troubleshoot" but we only had a 2% success rate.
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
bledsoe2coates
join:2001-04-27
Chicago, IL
|  reply to CCCMTech
Re: New Port blocks going into place, please read!!
I was seeing strangers connected to my machine on port 135 and now with the port blocking, they are gone
thanks, SBC!
[text was edited by author 2003-09-12 18:56:42] |
|
Flippant
So Much For Subtlety
Premium,Mod
join:2000-06-04
Katy, TX
Host:
Filesharing Software
Earthlink Cable
Texas Gulf Coast
AT&T U-verse
AT&T Southwest
| reply to CCCMTech
This is a sad day indeed. I used to be able to be able to say that SBC did not port blocking at all. Now it will be "Well only 135 unless you call and opt out". Mark my words port 80 wont be far behind now that they can do this on an account by account basis.
A step closer to being the AOL of broadband. If the RPC worms are causing this much damage to the SBC network, then I think we are only at the beginning of some really nasty times ahead of us. |
|
phriday613
Your Avatar Is Nice... For Me To Poop On
Premium
join:2002-02-06
Eastchester, NY
clubs:
| reply to CCCMTech
Re: New Port blocks going into place, please read!
im glad, quite frankly.. i gained more bandwidth, and lost alot of port probes!
port 135 is UNNECESSARY via the internet.
Thank you SBC!!!!
--
"Forewarned is forearmed..." -gwion |
|
bichi
Premium
join:2000-08-18
Sunnyvale, CA
| reply to CCCMTech
CCCMTech,
Ya got a 135 hole somewhere... - hehee!
Just got this one from Level3:
Sep 12, 2003 - 16:32:41.66 PDT - 135/UDP-64.156.39.12 - dialup-64.156.39.12.dial1.denver1.level3.net
This bugger has been transmitting 135's since Aug 26, 2003.
Sent note to both Level3 and PacBell abuse on Aug 30, 03.
I'm on: rback32-fe2-1.snfc21.pbi.net
Keep up the good work and thank you and your team!
(I would have said GREAT work, if you would get me the new profile - *grin*) |
|
Techie2000
In Vertigo
Premium
join:2001-12-05
clubs: | reply to CCCMTech
Re: New Port blocks going into place, please read!!
I have to say that at least they allow you to opt out of the port block. Most ISPs would just block the port and if you tried to use the port they'd say screw you. |
|
