NTL increases amount of port blocking on their network
NTL has taken a drastic step to control 'worm' traffic on its network. The idea is that blocking a range of ports will reduce the vulnerability of users of the NTL service to the Welchia and MSBlast worms. It is assumed the restrictions only affect users on the NTL Home service, since some of the ports now blocked in the inbound direction are common ones used by business users. NTL has in the past re-jigged its Terms and Conditions to try to force business users from the Home service to the business range.
The ports blocked are:
- 137 (UDP), 138 (UDP), 139 (TCP), 445 (UDP & TCP), 593 (TCP): these ports are used by Windows File and Print sharing. The block will not affect file/print sharing on a local LAN; it will only stop it working across the Internet. Other side effects of closing these ports are that MS Exchange in conjunction with Outlook will not work, and DCOM applications are now broken.
- 1433 (TCP), 1434 (UDP): these ports are used by SQL Server. It is also possible that users may see the odd 'page not found' message from their web browser.
- 27374 (TCP): no specific application is blocked, but there may be the odd random quirk or a small application someone is using that uses this port.
NTL themselves have a Q&A page on the port blocking which is available here. This move smacks almost of desperation, and one must wonder how many more ports NTL will block in the future as new worms are written.
NTL is taking a risk with these blocks: many people have home-based services but perhaps check their office email or use a work laptop for an hour or two a week at home. These people will now potentially be alienated by the service. Even worse affected will be those hobbyist users who run business-type applications purely for home use.
If port blocking is the only way to fight worms then the Internet will grind to a halt someday. The ISP should at least offer a mechanism whereby users can take on responsibility by requesting the removal of the firewall on their connection.
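For a user weighing the opt-out suggested above, a local check of what is listening on the blocked ports shows which services the ISP filter is currently shielding. The following is an added example, not from NTL or the original article; the `netstat -an` sample is constructed and the function name `exposed_listeners` is hypothetical.

```python
import re

# Ports and protocols taken from the article's list of NTL blocks.
BLOCKED = {
    ("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445), ("udp", 445),
    ("tcp", 593), ("tcp", 1433), ("udp", 1434), ("tcp", 27374),
}
LOOPBACK = ("127.", "[::1]", "::1")

# Constructed sample in Windows `netstat -an` layout (not from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1433         0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.10:49712     203.0.113.5:445        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:1434           *:*
  UDP    192.168.0.10:137       *:*
  UDP    192.168.0.10:138       *:*
  UDP    127.0.0.1:1900         *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)

def exposed_listeners(netstat_text):
    """Return sorted (proto, port, local_addr) for listeners on blocked ports
    that are bound to a non-loopback address."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, port, _foreign, state = m.groups()
        proto, port = proto.lower(), int(port)
        # TCP rows count only in LISTENING state; UDP rows have no state column.
        if proto == "tcp" and (state or "").upper() != "LISTENING":
            continue
        if (proto, port) in BLOCKED and not addr.startswith(LOOPBACK):
            found.add((proto, port, addr))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, addr in exposed_listeners(SAMPLE):
        print(f"{proto.upper():3} {port:>5} bound to {addr}")
```

Each row reported is a service to disable, bind to loopback, or cover with a host firewall rule before relying on anything other than the ISP block.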