Thank you, Comcast.
- Subject: Thank you, Comcast.
- From: nanog at ics-il.net (Mike Hammett)
- Date: Fri, 26 Feb 2016 06:36:46 -0600 (CST)
- In-reply-to: <[email protected]>
I do on my network (well, the ISP, not the IX). It makes complete sense.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
----- Original Message -----
From: "Mikael Abrahamsson" <swmike at swm.pp.se>
To: "Jared Mauch" <jared at puck.nether.net>
Cc: "NANOG list" <nanog at nanog.org>
Sent: Friday, February 26, 2016 12:20:28 AM
Subject: Re: Thank you, Comcast.
On Thu, 25 Feb 2016, Jared Mauch wrote:

> Make sure you permit TCP/53 for DNS queries so if TC=1 lookups work.

Speaking of which, historically ISPs have been blocking TCP/135, TCP/445
and a few others towards customers (at least that's what I know). TCP/25
seems to be blocked as well.

Why isn't UDP/53 blocked towards customers? I know historically there were
resolvers that used UDP/53 as source port for queries, but is this the
case nowadays?

I know providers that have blocked UDP/53 towards customers as a
countermeasure to the amplification attacks. As far as I heard, there were
no customer complaints.
--
Mikael Abrahamsson email: swmike at swm.pp.se
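
An added example, not part of either message above: a pre-deployment check a provider could run over flow records before blocking UDP/53 toward customers. It flags customers whose resolvers still query from source port 53 (their responses would be dropped) and customer hosts that answer DNS queries from outside. The address ranges, flow tuples, category names and the source-port heuristic are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: TEST-NET-1 stands in for the customer address range.
CUSTOMER_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed flow records: (proto, src_ip, src_port, dst_ip, dst_port)
FLOWS = [
    ("udp", "192.0.2.10", 51515, "198.51.100.53", 53),  # customer query, ephemeral source port
    ("udp", "198.51.100.53", 53, "192.0.2.10", 51515),  # its response
    ("udp", "192.0.2.20", 53, "198.51.100.53", 53),     # legacy resolver querying from source port 53
    ("udp", "198.51.100.53", 53, "192.0.2.20", 53),     # its response, arriving on UDP/53
    ("udp", "203.0.113.7", 40000, "192.0.2.30", 53),    # outside query to a customer host
    ("udp", "192.0.2.30", 53, "203.0.113.7", 40000),    # customer host answers it
    ("tcp", "198.51.100.53", 53, "192.0.2.10", 51516),  # TCP/53 response after a TC=1 retry
]

def is_customer(ip):
    return ipaddress.ip_address(ip) in CUSTOMER_NET

def blocked_by_acl(proto, src_ip, dst_ip, dst_port):
    """The proposed rule: drop UDP with destination port 53 toward customers."""
    return (proto == "udp" and dst_port == 53
            and is_customer(dst_ip) and not is_customer(src_ip))

def audit(flows):
    """Group customer IPs by how the UDP/53 block would affect them."""
    report = defaultdict(set)
    for proto, src_ip, sport, dst_ip, dport in flows:
        if blocked_by_acl(proto, src_ip, dst_ip, dport):
            # Heuristic: source port 53 suggests a response to a query that
            # was sent from port 53; otherwise it is an inbound query.
            kind = "legacy_resolver_breaks" if sport == 53 else "inbound_queries_dropped"
            report[kind].add(dst_ip)
        elif proto == "udp" and is_customer(src_ip) and sport == 53 and dport != 53:
            # Customer host replying from port 53: it serves DNS to the outside.
            report["answers_outside_queries"].add(src_ip)
    return {kind: sorted(ips) for kind, ips in report.items()}

if __name__ == "__main__":
    for kind, ips in audit(FLOWS).items():
        print(kind, ips)
```

Customers listed under `legacy_resolver_breaks` are the ones likely to complain after the block; responses to ephemeral ports and TCP/53 traffic are untouched by the rule.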