USI Support

Back to Support

USI Access Control Filters

There are various kinds of DoS attacks happening on the Internet all of the time. Some attacks present a greater risk than others—in particular distributed DoS attacks, also known as DDoS attacks. These kinds of attacks enlist the participation of many computers across the Internet, usually in secret and through the use of computer viruses, worms, botnets, etc.

 

In order to help reduce the spread of these kinds of malicious infections and their ability to perform actual attacks, US Internet has installed access control filters on its ISP connectivity services: FTTP and USI Wireless networks. Whereas the majority of these access control filters have no impact on normal traffic, some may affect current subscribers in some cases.

 

Following is a list of restricted ports to which US Internet has applied filters, and an explanation of the risk that the filter mitigates. US Internet reserves the right to make changes to the list below as needed to protect the integrity and quality of service of our networks.

 

List of Blocked Ports

 Protocol(s) Port Direction Explanation
 SMTP* 25/TCP Inbound and Outbound Anti-Spam. Securence Mail is excluded. See Anti-Spam section below for additional details
 DNS* 53/UDP Inbound DDoS Amplification Attacks
 SNMP 161/UDP Inbound DDoS Amplification Attacks and Significant Security Risks
 NTP 123/UDP Inbound DDoS Amplification Attacks
 SSDP 1900/UDP Inbound DDoS Amplification Attacks and Security Risks
 QOTD 17/UDP Inbound DDoS Amplification Attacks
 CharGEN 19/UDP Inbound DDoS Amplification Attacks
 NetBIOS 137/UDP Inbound DDoS Amplification Attacks and Security Risks
 NetBIOS 922/UDP Inbound DDoS Amplification Attacks
 NetBIOS 1022/UDP Inbound DDoS Amplification Attacks
999/TCP Inbound Vulnerability mitigation

*Ports not filtered for business class FTTP service

 

External reference links on amplification attacks:


Anti-Spam Details

In order to help protect against spam US Internet has implemented a filtering policy to control inbound and outbound SMTP traffic through our ISP connectivity services, including FTTP and USI Wireless networks.  This means that both inbound and outbound SMTP traffic on port 25/TCP is filtered.

 

Inbound SMTP Filtering
Inbound SMTP filtering prevents open email relays which allow unlimited spamming from almost anywhere on the Internet.

 

Outbound SMTP Filtering
Outbound SMTP filtering prevents botnets and viruses from sending spam out to the Internet from computers. Webmail service (e.g. Outlook Web Access, Google Webmail, US Internet Webmail, etc) users are not affected by this filter.  Local mail program (e.g. Microsoft Outlook, Apple Mail, Mozilla Thunderbird) users and many mobile device (e.g. tablets and smartphones) users may be affected, depending on how their programs and devices are configured.

 

As an option, users may apply additional email filters to further secure their inbound and outbound email.  US Internet’s email filtering and management service, Securence, provides multiple filtering layers, techniques and options to head off all types of risks.  US Internet (@usinternet.com and @usiwireless.com) email users already receive this anti-spam filtering with their e-mail service.  The Securence staff monitors global email threats day in and day out, and updates its signatures and protective measures continuously (see http://www.securence.com/services/our-services for more details).

 

Securence Mail Settings
If you choose to use Securence, please refer to the table below for server settings. You also must setup SMTP Authentication.  Use your full @usinternet.com or @usiwireless.com email address for the username.

 

SMTP Server Address: mail.securence.com
SMTP Port: 587
SMTP Security: SSL/TLS (optional but recommended)
POP3 and/or IMAP settings do not need to be changed

 

If you use a third party email system through your employer, university, Google or other source, make sure you are connecting to an alternative TCP port, such as port 587. Edit your mail client SMTP settings accordingly as described the documentation for those systems, or system administrators.*

 

*Information on using Google’s SMTP services.

University of Minnesota e-mail settings page

Securence Glossary of Spam Terms

 

Please contact technical support if further assistance is needed.