
Re: Ports to block?

It is most secure to block everything and only open the ports that are absolutely necessary.

They can only attack what they can see.

If you run a web server then open port 80 tcp, if you have SMTP inbound email then open port 25 tcp, if you run your own DNS for your domain then open port 53 udp.

Block all inbound TCP connections with the SYN flag (ipchains -y) apart from the services above, but look out for FTP, since it may require a connection with a SYN packet from port 20 on the remote to a port >1024 on your side. You can still block inbound connections with the SYN flag to everything below 1024 and to any internal service ports above 1024, such as the 8080/3128 proxy server ports.

If you disable icmp pings then you can hide from most scans.

Steve Ball

Brandon High wrote:

Does anyone have a recommendation of ports that should be blocked (via
ipchains/netfilter/etc) to make a system more secure?

In light of the recent security holes, I did a netstat -an, then lsof -i for
all ports that were listening and/or UDP. I put a filter in the way of
everything that I didn't want externally visible, but UDP port 1028 shows
nothing listening in lsof. I blocked it out of principle, but does anyone know
what it might be?
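The policy Steve describes (open only 80/tcp, 25/tcp and 53/udp, refuse new inbound SYN connections below 1024 and to the 8080/3128 proxy ports, allow the active-FTP data connection from remote port 20, and drop echo requests), written out as an ipchains rule set. This is an added example, not code from either mail; the external interface name `eth0` and the `DRY_RUN` review switch are assumptions.

```shell
# Added example: ipchains rule generator for the policy in the reply above.
# DRY_RUN=1 (the default) prints each command instead of running it, so the
# rule set can be reviewed before it is applied as root with DRY_RUN=0.
DRY_RUN="${DRY_RUN:-1}"
EXT_IF="${EXT_IF:-eth0}"    # assumed name of the Internet-facing interface

PUBLIC_TCP="80 25"          # web server and inbound SMTP
PUBLIC_UDP="53"             # our own DNS for the domain
INTERNAL_TCP="8080 3128"    # proxy ports above 1024 that must stay internal

# Run one ipchains command, or echo it when reviewing.
rule() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "ipchains $*"
    else
        ipchains "$@"
    fi
}

# Emit the rules in first-match order: accepts first, then the SYN denies.
gen_rules() {
    rule -F input
    for p in $PUBLIC_TCP; do
        rule -A input -i "$EXT_IF" -p tcp -d 0/0 "$p" -j ACCEPT
    done
    for p in $PUBLIC_UDP; do
        rule -A input -i "$EXT_IF" -p udp -d 0/0 "$p" -j ACCEPT
    done
    # Active FTP: the remote's port 20 opens a new (SYN) connection to a
    # local port above 1024, so that one case is allowed explicitly.
    rule -A input -i "$EXT_IF" -p tcp -s 0/0 20 -d 0/0 1024:65535 -y -j ACCEPT
    # Internal service ports above 1024 take no new connections from outside.
    for p in $INTERNAL_TCP; do
        rule -A input -i "$EXT_IF" -p tcp -d 0/0 "$p" -y -j DENY
    done
    # No new inbound connections to anything below 1024 beyond the accepts above.
    rule -A input -i "$EXT_IF" -p tcp -d 0/0 0:1023 -y -j DENY
    # ICMP type 8 (echo request): stay quiet to ping sweeps.
    rule -A input -i "$EXT_IF" -p icmp -s 0/0 8 -j DENY
}

gen_rules
```

Run with `DRY_RUN=1` first and read the printed rules; with ipchains the accepts must precede the `-y` denies, since the first matching rule wins.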
