On Wed, 5 Jun 2013 13:57:59 +0100 Mark Rogers mark@quarella.co.uk allegedly wrote:
On 5 June 2013 11:41, steve-ALUG@hst.me.uk wrote:
The ports that are appearing as closed are: 135, 137, 138, 139, 445
Solved. It's my ISP. They started blocking these ports for everyone.
Interesting that the ports they've had to block are all standard Windows ports (mostly for file sharing).
Surely most home users are sitting behind a router that wouldn't be forwarding these anyway, so I wonder what is the reason for having to block them? Are people opening ports on their routers to allow file sharing, or is there another reason why this would be enough of a vulnerability to justify blocking ISP-wide?
Mark
It depends on /where/ in their infrastructure they are blocking them. Those ports have been used by (some) worms in the past and many ISPs choose to block the ports at their upstream routers. Unfortunately they often forget to block closer to some of their infrastructure and I have seen lots of (potentially hostile) scanning activity on those ports on VMs hosted at cheap providers (Thrust, I'm looking at you).
Mick ---------------------------------------------------------------------
blog: baldric.net gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
---------------------------------------------------------------------