Joined: 27 Apr 2006
Location: Oklahoma City
|Posted: Mon Apr 21, 2008 4:02 pm Post subject: Info On Blocked Ports
|This should help on understanding why certain ports are blocked by your (CABLE) ISP provider. This is what COX Cable has on their website. This may or may NOT be the case for all Cable Company’s and or DSL Customers. This only applies to Residential, not Business. Business Customers have all Ports wide open.
Reasons For Filtering Ports
Protecting customers - Certain ports are filtered to protect our customers. We can protect against certain common worms and from dangerous services on our customers' computers that could allow intruders access.
Protecting upstream bandwidth - Upstream bandwidth to a cable plant is limited. If customers overuse their upstream bandwidth by running high-traffic servers or becoming infected with a worm or virus, it can degrade the service of other customers on that node.
Protecting the rest of the Internet - Some filters prevent our customers from attacking other computers on the Internet. In addition to being in our best interests for protecting our bandwidth, it is our responsibility to prevent abuse of our network.
Port / Transport / Protocol / Direction / Reason for Filtering
25 / TCP / SMTP / Both* / SMTP Relays
80 / TCP / HTTP / Inbound / Web servers, worms
135 / UDP / NetBios / Both / Net Send Spam - Pop-ups, Worms
136-139 / UDP, TCP / NetBios / Both / Worms, Network Neighborhood
445 / TCP / MS-DS - NetBios / Both / Worms, Network Neighhood
1433 / TCP / MS-SQL / Inbound / Worms, Trojans
1434 / UDP / MS-SQL / Inbound / Worms, SQLslammer
1900 / UDP MS-DS/ NetBios / Both / Worms, Network Neighborhood
1243, 6776 / TCP / Subseven / Both / SubSeven Trojan
*SMTP is only permitted outbound to Cox-provided SMTP servers.
Detailed Explanations Of Filtered Ports
25 / TCP - SMTP Mail servers use Simple Mail Transport Protocol (SMTP) to exchange email. We block this to protect upstream bandwidth and prevent customers from running open relays could potentially be used by others to send spam via our network.
80 / TCP - HTTP Web browsers use Hypertext Transport Protocol (HTTP) to communicate with web servers. In addition to protecting bandwidth by preventing customers from running high-traffic web servers, we can stop many destructive worms that spread through security holes in web server software.
135, 137 / UDP, 135, 139 / TCP, 445 MS-DC – NetBIOS NetBIOS (also known as Server Message Block, LanManager, and Common Internet File System) is a networked file sharing protocol. The Microsoft Windows “Network Neighborhood” runs over NetBIOS. We filter these ports to protect customers from exposing files on their computers, and to block worms which spread through open file shares. The latest addition to this series, a consolidated service port (TCP445), has also opened new similar security risks in Win2K and WinXP.
1433 / TCP, 1434 / UDP –
MS-SQL Microsoft SQL Server is a database application with a long history of security exploits, and is noted for the propagation of the SQLslammer worm. These ports are filtered to prevent exploitation and propagation of such MS-SQL exploits.
1900 / UDP - UPnP discovery / SSDP is a service that runs by default on WinXP. It creates an immediately exploitable security vulnerability for any network. Filtering this port proactively prevents XP systems from being remotely compromised by malicious worms or intruders.