<p dir="ltr">Unfortunately, when they ship ADSL modems with the built-in WiFi AP turned on running an unsecured broadcast SSID and a default username/password for administration (also available over the WiFi connection), open telnet ports are the least of their concerns...</p>
<div class="gmail_quote">On 15/01/2014 6:48 PM, "Tim March" <<a href="mailto:march.tim@gmail.com">march.tim@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I've always liked the idea that Internode do this... Mainly because it<br>
cuts down the load of my syslogd =)<br>
<br>
That said, I also totally understand the "OK, if we keep adding ports to<br>
the list then where do we stop?" argument against expanding the coverage.<br>
<br>
What I /don't/ understand is why some carriers (Bigpond, for example),<br>
who are subject to massive operational risk with the telnet thing,<br>
continue to ignore it. This pisses me off a little because they'll be<br>
the first one to cry "OMFG EVIL CYBER HAX0RS CYBER PWNED ALL OUR<br>
CUSTOMERS ZOMGWTF ***Violently mashes AFP speed dial button***" when<br>
someone finally uses it to bend them over.<br>
<br>
<br>
<br>
T.<br>
<br>
On 15/01/14 6:32 PM, Quentin Rittman wrote:<br>
> from my iinet customer toolbox:<br>
> "<br>
><br>
> * Port 25 (smtp) inbound and outbound<br>
> * Port 80 (http) inbound<br>
> * Port 135 DCOM SCM inbound<br>
> * Port 139 (netbeui/ipx) inbound<br>
> * Port 443 inbound<br>
> * Port 445 Microsoft Windows File sharing / NETBIOS inbound<br>
><br>
><br>
><br>
> from my internode toolbox:<br>
><br>
><br>
> Outbound<br>
><br>
> * Port 25 (SMTP) to anywhere except <a href="http://mail.internode.on.net" target="_blank">mail.internode.on.net</a><br>
><br>
> * Port 135 - RPC<br>
> * Port 137 - NetBIOS<br>
> * Port 138 - NetBIOS<br>
> * Port 139 - NetBIOS<br>
> * Port 445 - SMB/CIFS<br>
><br>
><br>
> Inbound<br>
><br>
><br>
> Windows File Sharing<br>
><br>
> * Port 135 - RPC<br>
> * Port 137 - NetBIOS<br>
> * Port 138 - NetBIOS<br>
> * Port 139 - NetBIOS<br>
> * Port 445 - SMB/CIFS<br>
><br>
><br>
> Servers and Web<br>
><br>
> * Port 22 - Secure Shell (SSH)<br>
> * Port 23 - Telnet<br>
> * Port 80 - Web pages (HTTP)<br>
> * Port 443 - Secure web pages (HTTPS)<br>
> * Port 3128 - Web proxy server<br>
> * Port 8080 - Web proxy server<br>
><br>
><br>
><br>
> On 15 Jan 2014, at 6:20 pm, Joshua D'Alton <<a href="mailto:joshua@railgun.com.au">joshua@railgun.com.au</a>> wrote:<br>
><br>
>> Still is. Can't remember the exact ports, think 21-25 80 443 8080 .<br>
>> Might be a BoB thing also.<br>
>><br>
>><br>
>> On Wed, Jan 15, 2014 at 3:57 PM, Damian Guppy <<a href="mailto:the.damo@gmail.com">the.damo@gmail.com</a>> wrote:<br>
>><br>
>> Once upon a time iiNet did this as well, it was just something you<br>
>> toggled in Toolbox, not sure if that is still the case.<br>
>><br>
>> --Damian<br>
>><br>
>><br>
>> On Wed, Jan 15, 2014 at 12:55 PM, Robert Hudson <<a href="mailto:hudrob@gmail.com">hudrob@gmail.com</a>> wrote:<br>
>><br>
>> On 15 January 2014 15:49, Tim March <<a href="mailto:march.tim@gmail.com">march.tim@gmail.com</a>> wrote:<br>
>><br>
>> Surely the easy answer here, at least the carriers who are<br>
>> already<br>
>> filtering, is to go;<br>
>><br>
>> "OK, we know this is a huge risk so we're doing this. Call<br>
>> us if you<br>
>> want the port re-enabled."<br>
>><br>
>><br>
>> This is exactly what Internode do. They have a standard set<br>
>> of ports they block, and that's turned on by default on all<br>
>> consumer services. You can fiddle with the settings under<br>
>> your account management tools on their website.<br>
>><br>
>> _______________________________________________<br>
>> AusNOG mailing list<br>
>> <a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
>> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
><br>
><br>
<br>
--<br>
PGP/GNUPG Public Key: <a href="http://d3vnu11.com/pub.key" target="_blank">http://d3vnu11.com/pub.key</a><br>
</blockquote></div>