Blocked Ports

Article ID: 29

Does Infinity Internet block any ports?

Blocked Ports: How they affect you and what we can do for affected users.

We are blocking the following ports on all of our Upstream (internet) connections. To the right of the port is a description of the service and the current worms that utilize them.

Port Description Worms
TCP 135 NetBIOS MS Blast and Nachi Worms
UDP 137 NetBIOS MS Blast and Nachi Worms
TCP 139 NetBIOS MS Blast and Nachi Worms
UDP 445 SMB MS Blast and Nachi Worms
TCP 445 SMB MS Blast and Nachi Worms
UDP 1434 MSSQL Slammer Worm
TCP 4444 Back Door created by W32.Blaster.Worm
UDP 8998   SoBIG
UDP 2048 Cisco IOS Webcache (Vulnerability)
TCP 2002 Cisco Secure Access Control Server (Vulnerability)
TCP 4156 Back Door created by Linux Slapper worm
TCP 5554   Sasser Worm
TCP 6777   BAGEL Worm
TCP 9996   Sasser Worm

NetBIOS ports 135, 137, 139 and 445: Used for file and printer sharing as well as MS Exchange e-mail. People trying to use/access these services outside our network will be unable to use them. This also applies to people outside our network trying to access these ports within our network.

Infinity Internet recommends the use of a Firewall and VPN (Virtual Private Network) for connections requiring these ports.

If you require these ports opened due to having an outside Exchange e-mail account or access remote printers and file shares we can allow them through, but it requires that you have a static IP. If you are a DHCP DSL user and need access to these services you must upgrade to a static IP before we will open access to them. This is because access is granted by IP. Because DHCP IP’s can and will change they cannot be allowed through the block. To request an IP be allowed through please contact our Technical Support department.

UDP 1434: Used to access MSSQL Databases. This is also blocked incoming and outgoing. Customers will not be able to access this service outside our network and vice versa. Once again if you require access to this service you must have a static IP. To request an IP be allowed through please contact our Technical Support department.

UDP 8998: The port that SoBig tried to contact the 20 servers on. This port is blocked as a precautionary measure. Since this is an unregistered port it should not affect customers.

UDP 4444: Back door created by Blaster worm. This port is blocked as a precautionary measure. Since this is an unregistered port it should not affect customers.

UDP 2048: A Cisco Webcache Control vulnerability. We do not use this but the port is blocked as a precautionary measure. Since this is an unregistered port it should not affect customers.

TCP 2002: Cisco Secure Access Control Server vulnerability. We do not use this but the port is blocked as a precautionary measure. Since this is an unregistered port it should not affect customers.

TCP 4156: Back door created by Linux Slapper worm. Since this is an unregistered port it should not affect customers.

TCP 5554 and 9996: Ports exploited by the Sasser Worm. See Microsoft's website for detailed information.