Articles on: Internet
This article is also available in:

Is there any traffic or ports that oxio blocks?

The security of our customers is our top priority



In this case, we decided to block SNMP and SMTP traffic on our network (Inbound only). Fortunately, no other ports are blocked!



SNMP



SNMP (Simple Network Management Protocol - UDP 161) is a networking protocol used for the management and monitoring of network-connected devices. Devices will share a lot of information to a core server that handles all the data. This allows an Information technology (IT) team to monitor and maintain a global infrastructure:

Collects current traffic on a particular link
Can find out the storage space available on a particular server, etc.
Manage devices
Shutdown a router interface
Reboot a device

SNMP allows us to quickly diagnose outages or degraded services. It is used in the infrastructure of all ISPs.

Now, why might this be harmful to your network's security?



SNMP is not completely secure. By default, only the most recent version is encrypted. That is, if you use SNMPv1 or v2 from/to the internet (outside of your network), you are transmitting unencrypted data about your devices over the internet.

It's a security breach. Cybercriminals may seek to create SNMP connections to your network in order to gather intelligence about your network and traffic, which poses as significant security risk.

SMTP



SMTP (Simple Message Transfer Protocol - TCP 25/465/587/2525) is a well-known protocol that we've all used without even realizing it.

But how exactly?


You must have a working email address (I mean, you need one to subscribe). This protocol is associated with emails. But do not be alarmed! You will be able to send and receive emails as usual.

What is the effect in this instance?


You won’t be able to host an email server within your network - but not everyone hosts an email server.

We decided to block SMTP for a variety of security concerns.

Assume you host your mail server but do not prioritize updating and security—your mail server is vulnerable. An attacker may infect the server and use it to send hundreds of phishing and scam emails all across the world. It overburdens the network, allowing attackers to reach more potential victims.

Our objective is to create a safer internet, and blocking this port will assist in reducing cybercrime and unwanted network intrusion.

Some viruses are installed when an unsuspecting user is tricked into clicking on a link or attachment that contains malware. Some will use you as an SMTP relay, performing the tasks indicated above and using your devices to send phishing emails.

Aside from SNMP and SMTP, all other ports are functional! ☺

Updated on: 02/11/2022