Skip to content
TELUS Logo

TELUS HSIA Security Measures Policy

TELUS HSIA Security Measures Policy

Effective June 2004, TELUS implemented security measures on the High Speed Internet Access network called the HSIA Security Policy, which mainly consists of blocking certain network ports on the ADSL network in an effort to reduce the exploitation of customer PCs, and to reduce the levels of SPAM entering and leaving the ADSL network.

The purpose of the HSIA Security Policy is to protect the TELUS HSIA (ADSL) network from viruses.

NOTE: TELUS Port Blocking will only affect customers on Dynamic IP packages - customers on Static IP packages will still have access to all Ports.

Why has TELUS implemented the HSIA Security Policy?

The security policy has been implemented to protect the TELUS ADSL network from new type of viruses and worms that propagate themselves through unsecured/unpatched computers. A few examples of such worms are: Nachi, MSBlaster and Sasser. Any computer that has one of these viruses will immediately infect other computers on the network that do not have the proper security measures in place.

Benefits to Customers

  • By TELUS protecting its network, customers receive additional protection against hackers, viruses and spam as a by-product.
  • By TELUS protecting its network, customers receive additional protection against hackers, viruses and spam as a by-product.
  • Inhibiting the spread of email viruses. Most email viruses have built-in email SMTP engines which allow viruses to email themselves to all the recipients in an address book without the user knowing; by TELUS blocking outbound SMTP traffic if a customer has an email virus it will not be able to spread itself to others.
  • Reduced Spam. By TELUS blocking outbound port 25 (SMTP), customers machines who have a virus whose goal is to turn the PC into a "zombie" machine will no longer flood the internet with millions of Spam messages. This helps significantly reduce Spam, especially considering that 95% of the world’s Spam originates from 'zombie' boxes.
  • Customers who neglect, are not aware of, or simply do not update their Windows software will no longer be as vulnerable. The security policy blocks how hackers and viruses exploit the security issues in Windows. This is not an alternative to customers updating their operating systems; customers should still keep their Windows Operating Systems up to date.
  • TELUS is not guaranteeing in anyway full protection of the customer’s computer but simply providing security for the TELUS network which consequently provides for a higher level of protection for TELUS customers. This policy is in no way a guarantee that customers’ computers won't get exploited by other means.

What are Internet Ports?

All programs that connect to the Internet use a specified "port". You can think of a port as a small part of your ADSL/Network connection and there are thousands of these "ports". All programs connect on various ports to the TELUS network. For example, if you are using Internet Explorer you are browsing the web on port 80.

What Ports are TELUS blocking?

The following ports will have inbound (ingress) and in some cases outbound traffic blocked.

TCP 21 (ftp)

  • Customers running an FTP server will no longer be able to have Internet users connect to their server.
  • This prevents computers to be used as FTP servers to store illegal files.

TCP 25 (smtp)

  • Customers running a SMTP mail server will no longer be able to receive e-mail requests, nor will it allow outbound traffic for mail servers external to the TELUS.NET, TELUS IDCs and Hostopia networks on port 25.
  • This prevents mail servers that operate as an open relay. Open relays are used without a customer's knowledge to send millions of pieces of Spam.

TCP 80 (www)

  • Customers running a Web server will no longer be able to have Internet users connect to their server.
  • Common exploit on old Window IIS server and Linux boxes that are not properly patched.

TCP 110 (pop3)

  • Customers running a POP mail server will no longer be able to have Internet users connect to the server.
  • This prevents mail servers that operate as an open relay. Open relays are used without a customer's knowledge to send millions of pieces of Spam.

TCP 6667 (ircd)

  • Customers running an IRC server (Internet Relay Chat) will no longer be able to have Internet users connect to the server.

TCP/UDP 135-139 (dcom and netbios)

  • These ports are commonly exploited by worm viruses.
  • 135 Windows RPC
  • 136 PROFILE Naming System (basically unused)
  • 137-139 Windows NetBios

TCP/UDP 443 (ssl)

  • Customers will not be able to accept inbound ssl connections on this port.
  • Customer IP Point Of Sale (IP POS) devices are not blocked. No need for a Server plan for IP POS

TCP/UDP 445 (ms-ds)

  • Microsoft Directory Services - customers that allow legitimate Internet users access to their computers will lose this ability.
  • This allows hackers to directly connect to a Windows based computer and gain total control over the OS.

TCP/UDP 1433-1434 (ms-sql)

  • Microsoft SQL server - Customers running an SQL server will no longer be able to have Internet users connect to their server.
  • There are several worm viruses that exploit holes in SQL server.

Search Support