USI Access Control Filters
There are various kinds of DoS attacks happening on the Internet all of the time. Some attacks present a greater risk than others—in particular distributed DoS attacks, also known as DDoS attacks. These kinds of attacks enlist the participation of many computers across the Internet, usually in secret and through the use of computer viruses, worms, botnets, etc.
In order to help reduce the spread of these kinds of malicious infections and their ability to perform actual attacks, US Internet has installed access control filters on its ISP connectivity services: FTTP and USI Wireless networks. Whereas the majority of these access control filters have no impact on normal traffic, some may affect current subscribers in some cases.
Following is a list of restricted ports to which US Internet has applied filters, and an explanation of the risk that the filter mitigates. US Internet reserves the right to make changes to the list below as needed to protect the integrity and quality of service of our networks.
List of Blocked Ports
|SMTP*||25/TCP||Inbound and Outbound||Anti-Spam. Securence Mail is excluded. See Anti-Spam section below for additional details|
|DNS*||53/UDP||Inbound||DDoS Amplification Attacks|
|SNMP||161/UDP||Inbound||DDoS Amplification Attacks and Significant Security Risks|
|NTP||123/UDP||Inbound||DDoS Amplification Attacks|
|SSDP||1900/UDP||Inbound||DDoS Amplification Attacks and Security Risks|
|QOTD||17/UDP||Inbound||DDoS Amplification Attacks|
|CharGEN||19/UDP||Inbound||DDoS Amplification Attacks|
|NetBIOS||137/UDP||Inbound||DDoS Amplification Attacks and Security Risks|
|NetBIOS||922/UDP||Inbound||DDoS Amplification Attacks|
|NetBIOS||1022/UDP||Inbound||DDoS Amplification Attacks|
*Ports not filtered for business class FTTP service
External reference links on amplification attacks:
In order to help protect against spam US Internet has implemented a filtering policy to control inbound and outbound SMTP traffic through our ISP connectivity services, including FTTP and USI Wireless networks. This means that both inbound and outbound SMTP traffic on port 25/TCP is filtered.
Inbound SMTP Filtering
Inbound SMTP filtering prevents open email relays which allow unlimited spamming from almost anywhere on the Internet.
Outbound SMTP Filtering
Outbound SMTP filtering prevents botnets and viruses from sending spam out to the Internet from computers. Webmail service (e.g. Outlook Web Access, Google Webmail, US Internet Webmail, etc) users are not affected by this filter. Local mail program (e.g. Microsoft Outlook, Apple Mail, Mozilla Thunderbird) users and many mobile device (e.g. tablets and smartphones) users may be affected, depending on how their programs and devices are configured.
As an option, users may apply additional email filters to further secure their inbound and outbound email. US Internet’s email filtering and management service, Securence, provides multiple filtering layers, techniques and options to head off all types of risks. US Internet (@usinternet.com and @usiwireless.com) email users already receive this anti-spam filtering with their e-mail service. The Securence staff monitors global email threats day in and day out, and updates its signatures and protective measures continuously (see http://www.securence.com/services/our-services for more details).
Securence Mail Settings
If you choose to use Securence, please refer to the table below for server settings. You also must setup SMTP Authentication. Use your full @usinternet.com or @usiwireless.com email address for the username.
|SMTP Server Address:||mail.securence.com|
|SMTP Security:||SSL/TLS (optional but recommended)|
|POP3 and/or IMAP settings do not need to be changed|
If you use a third party email system through your employer, university, Google or other source, make sure you are connecting to an alternative TCP port, such as port 587. Edit your mail client SMTP settings accordingly as described the documentation for those systems, or system administrators.*
Please contact technical support if further assistance is needed.