They can only attack what they can seeIf you run a web server then open port 80 tcp, if you have SMTP inbound email then open port 25 tcp, if you run your own DNS for your domain then open port 53 udp.
Block all inbound TCP connections with the SYN flag (ipchains -y) apart from services above, but look out for ftp since it may require a port 20 from the remote to your port >1024 connection with a SYN packet, but you can block inbound connections with a SYN flag to everything below 1024 and to any internal service ports like 8080/3128 proxy server above 1024.
If you disable icmp pings then you can hide from most scans. Steve Ball Brandon High wrote:
Does anyone have a recommendation of ports that should be blocked (via ipchains/netfilter/etc) to make a system more secure? In light of the recent security holes, I did a netstat -an, then lsof -i for all ports that were listening and/or UDP. I put a filter in the way of everything that I didn't want externally visible, but UDP port 1028 shows nothing listening lsof. I blocked it out of principle, but does anyone know what it might be? -B