Port 0/TCP: Port 0 is a reserved port. This port should not be used for any applications. Blocking protects our customers from potentially harmful types of network abuse.
Port 19/UDP: Port 19 Chargen is a protocol designed to generate a stream of characters for debugging and measurement. More recent tools have been developed for measurement and debugging purposes, and blocking protects against use of this port in reflective DDoS attacks.
Port 25/TCP: Simple Mail Transport Protocol (SMTP) is used to send email. Port 25/TCP may be blocked from customers with dynamically-assigned Internet Protocol (IP) addresses to protect systems from becoming a mail relay for SPAM. Customers can subscribe to AT&T SMTP services if they need to host an SMTP server on the internet.
Port 68/UDP: Port 68 is used to obtain dynamic IP address information from a dynamic host configuration protocol (DHCP) server. Port 68 may be blocked to eliminate the risk of exposure to a rogue DHCP server.
Port 123/UDP: Network Time Protocol (NTP) is used to accurately synchronize computer time of day to a reference time server. Some aspects of Port 123 may be limited to minimize malicious use. Poorly configured NTP servers can be used for reflective DDoS attacks, and some devices provide NTP service inadvertently, which exacerbates the port’s malicious use.
Port 135/TCP: NetBIOS is a network file sharing protocol and is also known as Common Internet File System or LanManager. Blocking protects customers from unintentionally exposing files and from worms and viruses.
Port 139/TCP: NetBIOS is a network file sharing protocol and is also known as Common Internet File System or LanManager. Blocking protects customers from exposing critical system files unintentionally, which could give system access to a malicious actor.
Port 445/TCP: NetBIOS is a network file sharing protocol and is also known as Common Internet File System or LanManager. Blocking mitigates a potential threat to certain operating systems. Similar to our blocking of Ports 135 and 139, blocking Port 445 protects customers from unintentionally exposing files and from worms and viruses.
Port 520/UDP (RIPv1): UDP port 520 is used by the Routing Information Protocol (RIP) to share network routing information. RIPv1 was designed to support route information sharing on small classful (class A, B, C, D) networks and has limited usefulness in today’s classless networks. Port 520 has been used by malicious actors to generate reflective DDoS attacks.
Port 1900/UDP: Universal Plug and Play (UPnP) is a protocol standard designed to allow device discovery over a local network. Some home routers may expose this port to the internet, which could allow attackers to defeat the security attributes of Network Address Translation (NAT) and to use the port for reflective DDoS attacks.
Port 3479/TCP: Twrpc is a protocol used for remote management of end user devices. Blocking this port protects customers from improper use of the port, which can cause end user device instability.
Port 7547/TCP: CPE WAN Management Protocol (CWMP) is a protocol used for remote management of end user devices. Blocking this port protects customers from improper use of the port, which can cause end user device instability.
Port 61001/TCP: Internet Protocol Detail Record (IPDR) is a specification used to collect information from end user devices including device configuration data. Blocking TCP port 61001 prevents certain types of malicious activity including data exposure and end user device attacks.
Does AT&T restrict the types of devices that customers can use with its mass market broadband internet access services?
AT&T makes available to its customers a variety of network interface equipment for use with the broadband internet access services we deliver to homes and businesses, many of which are Wi-Fi enabled. We also make available a variety of additional tools, equipment and services to assist our customers in configuring the local network access in their home or business to meet their particular needs. This allows AT&T customers to use devices of their choice (PCs, smartphones, tablets, smart TVs, etc.) to connect to the broadband internet access services at their home or business via Wi-Fi, via the existing wiring at their premises, or via such other compatible local networking technology as they may choose.
Customers of our mass market mobile services may attach 3G- or 4G-capable devices of their choice to our mobile broadband internet access services, so long as the devices are FCC-approved, compatible with the technology used in our mobile network, and do not harm our network or other users. AT&T has retired its 2G network and we will not activate 2G-only capable devices. Our wired and Wi-Fi networks require compatible Ethernet or Wi-Fi capable devices. AT&T generally does not support IEEE 802.11b or earlier Wi-Fi protocols. Devices must also be used in a manner consistent with our terms of service and Acceptable Use Policy. For example, some data plans are designated for use with only a basic phone or smartphone, in which case customers may not use their device to provide an internet access connection to other equipment/devices (such as computers, netbooks, tablets, other phones, USB modems, network routers, media players, gaming consoles, or other data-capable devices) by tethering, by SIM card transfer, or any other means. However, customers wishing to use their service with a mobile hotspot/tethering device may purchase a data plan that already includes such use.