[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Ports to block?

I work from a default-deny stance. Usual things to then allow in would be 25 (smtp), 80 (http), 22 (ssh, although be careful here), 53-UDP (DNS, if you have bind running), and various ICMP (echo-reply/request, source-quench, destination-unreachable, time-exceeded, and parameter-problem are good ones).

I deny and log pretty much everything else, although I do have special DENY rules for stuff like NetBIOS (137/138) so they don't hit the trap line at the end which logs everything not caught above, filling up my logs.

I believe the 1028-UDP port you're talking about is the syslogd talking to itself (you'll notice it's on the loopback address [] and established to Port 514, which is the syslog port). If you've got an external address talking to your syslog port.. well... good luck.

At 12:57 PM 4/5/2001 -0700, Brandon High wrote:
Does anyone have a recommendation of ports that should be blocked (via
ipchains/netfilter/etc) to make a system more secure?

In light of the recent security holes, I did a netstat -an, then lsof -i for
all ports that were listening and/or UDP. I put a filter in the way of
everything that I didn't want externally visible, but UDP port 1028 shows
nothing listening lsof. I blocked it out of principle, but does anyone know
what it might be?


Brandon High                                     armitage@freaks.com
We are Homer of Borg. Resistance is ... Ooo! Donuts!

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Eric N. Valor
Lutris Technologies

- This Space Intentionally Left Blank -

Reply to: