Geekzone: technology news, blogs, forums


Astrocat

11 posts

Geek
Inactive user


#243605 20-Dec-2018 11:54

Hi,

 

Like most who look at the firewall logs, it is littered with numerous attempts to connect to the public IP address assigned on port 22 and port 23.

 

Some people may want legitimate SSH traffic into the firewall, but 99% of us do not, and the telnet port is just internet junk traffic from old devices.

 

Could Spark introduce an option to block ports we select before it hits our edge device?

 

I know this should be possible as filtering of other ports already happens at the ISP level.

 

Many Thanks



cbrpilot
964 posts

Ultimate Geek
+1 received by user: 555

Trusted
Spark NZ

  #2148588 20-Dec-2018 22:25

@Astrocat I hear what you are saying. Let's face it, there are many bots, hackers etc. which go scanning the internet looking for devices that have these ports open and seeing if they can get in (and what mischief they can get up to if they do get in). It would be great to block that traffic. Unfortunately there is enough legitimate traffic out there that this would likely be problematic to roll out and administer. The fact is that the >99% would get no benefit from such a policy too, as the default config in our modems and routers has these ports blocked (on the WAN interface) by default - and most (some crazy high number) of our customers use the routers we supply.

 

So in my personal opinion there is a very low benefit to rolling out a policy to block this traffic, and a moderate number of customers that would negatively be impacted by this change (i.e. not hundreds of thousands, but we're not talking just a handful here!).  And those that were impacted would be highly impacted - they may have many sites they remotely manage etc that would require an opt out.  

 

While I appreciate the suggestion (and if you have others, always keen to hear how we could make the service better!) I hope you can understand why I'm not keen on this one. 

 

 

 

Disclaimer: that is just my personal view and I can't claim to speak for all of Spark here.

 

 

 

Dave.





My views are my own, and may not necessarily represent those of my employer.

