Re: Ports to block?
It is most secure to block everything and only open the ports that are
They can only attack what they can see
If you run a web server then open port 80 tcp, if you have SMTP inbound
email then open port 25 tcp, if you run your own DNS for your domain
then open port 53 udp.
Block all inbound TCP connections with the SYN flag (ipchains -y) apart
from services above, but look out for ftp since it may require a port 20
from the remote to your port >1024 connection with a SYN packet, but you
can block inbound connections with a SYN flag to everything below 1024
and to any internal service ports like 8080/3128 proxy server above 1024.
If you disable icmp pings then you can hide from most scans.
Brandon High wrote:
Does anyone have a recommendation of ports that should be blocked (via
ipchains/netfilter/etc) to make a system more secure?
In light of the recent security holes, I did a netstat -an, then lsof -i for
all ports that were listening and/or UDP. I put a filter in the way of
everything that I didn't want externally visible, but UDP port 1028 shows
nothing listening in lsof. I blocked it out of principle, but does anyone know
what it might be?
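The inbound policy sketched in the reply above (SYN-only matching below 1024 except web/SMTP, UDP 53 only, proxy ports 8080/3128 closed, active-FTP data to high ports allowed, echo requests dropped), modelled as a decision function so it can be checked against sample packets before it is turned into firewall rules. This is an added example, not code from the thread; the `Packet` class and `inbound_decision` function are assumptions for illustration, and the packets in the test are constructed.

```python
"""Pure-Python model of the inbound filter policy described in the reply."""
from dataclasses import dataclass

# Services the reply says to expose; everything else below 1024 stays closed.
ALLOWED_TCP_LOW = {80, 25}        # HTTP, SMTP
ALLOWED_UDP = {53}                # our own authoritative DNS
# Internal services above 1024 that must not be reachable from outside.
BLOCKED_HIGH_TCP = {8080, 3128}   # proxy servers named in the reply
BLOCK_ICMP_ECHO = True            # "disable icmp pings"


@dataclass
class Packet:
    """Minimal view of an inbound packet (assumed shape, for this model)."""
    proto: str           # "tcp", "udp" or "icmp"
    dport: int = 0
    sport: int = 0
    syn: bool = False    # TCP SYN without ACK, i.e. a new inbound connection
    icmp_type: int = -1  # 8 == echo request


def inbound_decision(pkt: Packet) -> str:
    """Return 'ACCEPT' or 'DENY' for one inbound packet under the policy."""
    if pkt.proto == "icmp":
        # Drop echo requests only; other ICMP (e.g. replies, unreachables) passes.
        return "DENY" if (BLOCK_ICMP_ECHO and pkt.icmp_type == 8) else "ACCEPT"
    if pkt.proto == "udp":
        # Stateless port filter: only our DNS service is reachable.  Note that
        # this also drops replies to UDP queries we send out unless a separate
        # rule for those is added.
        return "ACCEPT" if pkt.dport in ALLOWED_UDP else "DENY"
    if pkt.proto == "tcp":
        if not pkt.syn:
            return "ACCEPT"          # established traffic; "-y" matches SYN only
        if pkt.dport < 1024:
            return "ACCEPT" if pkt.dport in ALLOWED_TCP_LOW else "DENY"
        if pkt.dport in BLOCKED_HIGH_TCP:
            return "DENY"
        # Remaining SYNs to ports >1023 pass, which is what active-mode FTP
        # needs (remote port 20 connecting to our high port).
        return "ACCEPT"
    return "DENY"                    # unknown protocol: default deny
```

Each check in the test mirrors one sentence of the reply, so a change to the policy that silently reopens a port shows up as a failed assertion.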