TELUS HSIA Security Measures Policy

TELUS HSIA Security Measures Policy

Effective June 2004, TELUS implemented security measures on the High Speed Internet Access network called the HSIA Security Policy, which mainly consists of blocking certain network ports on the network in an effort to reduce the exploitation of customer PCs, and to reduce the levels of spam entering and leaving the network.

The purpose of the HSIA Security Policy is to protect the TELUS HSIA network from viruses.

Note: TELUS Port Blocking will only affect customers on Dynamic IP packages. Customers on Static IP packages will still have access to all Ports.

Why has TELUS implemented the HSIA security policy?


The security policy has been implemented to protect the TELUS network from new type of viruses and worms that propagate themselves through unsecured/unpatched computers. A few examples of such worms are Nachi, MSBlaster and Sasser. Any computer that has one of these viruses will immediately infect other computers on the network that do not have the proper security measures in place.

Benefits to customers


  • By TELUS protecting its network, customers receive additional protection against hackers, viruses and spam as a by-product
  • By TELUS protecting its network, customers receive additional protection against hackers, viruses and spam as a by-product
  • Inhibiting the spread of email viruses. Most email viruses have built-in email SMTP engines which allow viruses to email themselves to all the recipients in an address book without the user knowing; by TELUS blocking outbound SMTP traffic if a customer has an email virus it will not be able to spread itself to others
  • Reduced spam. By TELUS blocking outbound port 25 (SMTP), customers machines who have a virus whose goal is to turn the PC into a "zombie" machine will no longer flood the internet with millions of spam messages. This helps significantly reduce spam, especially considering that 95% of the world’s spam originates from 'zombie' boxes
  • Customers who neglect, are not aware of, or simply do not update their Windows software will no longer be as vulnerable. The security policy blocks how hackers and viruses exploit the security issues in Windows. This is not an alternative to customers updating their operating systems. Customers should still keep their Windows Operating Systems up to date
  • TELUS is not guaranteeing in anyway full protection of the customer’s computer but simply providing security for the TELUS network which consequently provides for a higher level of protection for TELUS customers. This policy is in no way a guarantee that customers’ computers won't get exploited by other means

What are internet ports?


All programs that connect to the Internet use a specified "port". You can think of a port as a small part of your network connection and there are thousands of these "ports". All programs connect on various ports to the TELUS network. For example, if you are using a web browser, such as Google Chrome, you are browsing the web on port 80 or 443.

What ports is TELUS blocking?


The following ports will have inbound (ingress) and in some cases outbound traffic blocked.

TCP 21 (ftp)

  • Customers running an FTP server will no longer be able to have Internet users connect to their server
  • This prevents computers to be used as FTP servers to store illegal files

TCP 25 (smtp)

  • Customers running a SMTP mail server will no longer be able to receive e-mail requests, nor will it allow outbound traffic for mail servers external to the TELUS.NET, TELUS IDCs and Hostopia networks on port 25
  • This prevents mail servers that operate as an open relay. Open relays are used without a customer's knowledge to send millions of pieces of spam

TCP 110 (pop3)

  • Customers running a POP mail server will no longer be able to have Internet users connect to the server
  • This prevents mail servers that operate as an open relay. Open relays are used without a customer's knowledge to send millions of pieces of spam

TCP 6667 (ircd)

  • Customers running an IRC server (Internet Relay Chat) will no longer be able to have Internet users connect to the server

TCP 7547

  • This port is blocked to help secure TELUS customer-premises equipment (CPE) devices. It is used to remotely manage equipment, troubleshoot and reset the gateways

TCP/UDP port 19 (chargen)

  • This port is a known exploit used with distributed denial-of-service (DDoS) attacks

TCP/UDP 135-139 (dcom and netbios)

  • These ports are commonly exploited by worm viruses
  • 135 Windows RPC
  • 136 PROFILE Naming System (basically unused)
  • 137-139 Windows NetBios

TCP/UDP 445 (ms-ds)

  • Microsoft Directory Services - Customers that allow legitimate Internet users access to their computers will lose this ability
  • This allows hackers to directly connect to a Windows based computer and gain total control over the OS

TCP/UDP 1433-1434 (ms-sql)

  • Microsoft SQL server - Customers running an SQL server will no longer be able to have Internet users connect to their server
  • There are several worm viruses that exploit holes in SQL server

UDP 1900 (SSDP)

  • Microsoft Simple Service Discovery Protocol - Customers experience denial of service because of vulnerabilities in the software that allows networked devices, including PCs, printers, Wi-Fi access points and mobile phones, to find and network with each other

Search Support