Blocked internet ports

Ports on the Internet are like virtual doors that data can pass through. All Internet traffic passes through ports to get to and from systems and services across the Internet.

When a certain port is known to be subject to security vulnerabilities, we sometimes block that port on our network.
These ports are blocked at a network level. Traffic over these ports within your local network will continue to operate as normal but will be inaccessible over these ports to devices outside of your network.

Blocked Ports

TCP & UDP ports 135, 137,138 – Used by the NetBIOS service
NetBIOS services allow file sharing over a local network. When exposed to the Internet, it can be exploited to carry out malicious activities such as Distributed Denial of Service (DDoS) attacks or to gain unauthorised access to systems on a local network.

TCP & UDP port 445 – Used by the SMB protocol
Port 445 is vulnerable to a number of attacks which target vulnerabilities in systems running file-sharing services. This port is used by various malware strains to gain entry to a network, namely the WannaCry and Nimda malware variants.

Frequently Asked Questions (FAQ)

Can the blocking of these ports cause issues to my Broadband service?

In most cases no, you will only encounter a problem if you need to access a service that you run on your local network via one of the ports that are blocked on our network.

If this doesn’t sound familiar to you then you’re very unlikely to be unaffected as it is generally only specific to advanced local networks that have been manually configured.

I run an application/service that uses a blocked port

The ports blocked on our network are used by services that are generally not designed for use on the Internet. They can be used on a local network but should not be exposed to the wider Internet.

I can’t run a publicly accessible Samba share because port 445 is blocked!

Using Samba as a file-sharing service for transferring/accessing files to/from devices outside of your local network is unsecure as there is a risk of your data being intercepted by third parties.

Alongside this, there are a number of known vulnerabilities with services that use port 445. These vulnerabilities can be exploited by third parties to gain unauthorised access to your device(s).

We recommend using an alternative file-transfer protocol such as the widely used SFTP (SSH File Transfer Protocol).

I run a server that I’ve configured to run on a blocked port

If you’ve configured a server on your network to run on a port number you’ve chosen yourself, and the port is listed in the Blocked Ports list above, then you will need to reconfigure your system to run on a port that isn’t on the blocked list.

We also recommend you choose a port number that is not used by a widely used service, as this may cause issues with your server’s connectivity.

A list of ports and the services they’re used by is available at:

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers *

WHERE CAN I FIND FURTHER SECURITY INFORMATION AND ADVICE?

Get Safe Online is the UK’s leading source of unbiased, factual and easy-to-understand information on online safety. This is a unique resource providing practical advice on how to protect yourself, your computers and mobile devices against fraud, identity theft, viruses and many other problems encountered online - getsafeonline.org *

* These links to external sites are provided as a courtesy and we are not responsible for the content of these sites or any problems encountered whilst applying these steps and we are not able to provide any technical support for such problems