For security reasons, we block certain outbound ports on our network. This article details which ports are blocked and the reasons behind these restrictions.
Blocked by default
These ports are blocked by default but can be unblocked upon request via a support ticket.
| Port | Protocol | Service | Reason for Blocking |
|---|---|---|---|
| 25 | TCP | SMTP | Prevent spam from compromised servers |
| 137 | TCP/UDP | NetBIOS Name Service | Vulnerable protocol frequently exploited |
| 138 | TCP/UDP | NetBIOS Datagram | Vulnerable protocol frequently exploited |
| 139 | TCP/UDP | NetBIOS Session | Vulnerable protocol frequently exploited |
| 445 | TCP/UDP | SMB over TCP | Vulnerable protocol used in ransomware attacks |
| 1688 | TCP | Microsoft KMS (inbound only) | Prevent unauthorized license activation |
Requesting Unblock
If your legitimate use case requires access to any of these ports, you can request unblocking by opening a support ticket at https://soporte.telecu.cloud. Include:
- The port you need unblocked
- The reason for use
- The source and destination IP addresses involved
Each request is evaluated individually.
Permanently blocked
These ports are commonly abused for DDoS amplification attacks. The block is permanent and cannot be removed.
| Port | Protocol | Service | Reason for Blocking |
|---|---|---|---|
| 17 | TCP/UDP | QOTD (Quote of the Day) | DDoS amplification |
| 19 | TCP/UDP | Chargen | DDoS amplification |
| 1900 | TCP/UDP | SSDP (UPnP) | DDoS amplification |
| 53413 | UDP | Netis Router Backdoor | Known router vulnerability |
| 11211 | UDP | Memcached | DDoS amplification |
RFC 1918 range filtering
We filter private address ranges (RFC 1918) on public network interfaces. This prevents routing traffic with private IP addresses to the Internet.
| Range | CIDR Notation |
|---|---|
| 10.0.0.0 – 10.255.255.255 | 10.0.0.0/8 |
| 172.16.0.0 – 172.31.255.255 | 172.16.0.0/12 |
| 192.168.0.0 – 192.168.255.255 | 192.168.0.0/16 |