Re: Ports to block?

To: Brandon High <armitage@freaks.com>
Cc: debian-security@lists.debian.org
Subject: Re: Ports to block?
From: "Timothy H. Keitt" <Timothy.Keitt@StonyBrook.Edu>
Date: Thu, 05 Apr 2001 16:44:59 -0400
Message-id: <3ACCD94B.40608@StonyBrook.Edu>
References: <Pine.LNX.4.21.0104051250560.29975-100000@xenophobe.freaks.com>

You don't need to block any ports if you turn off unneeded services inthe first place. (You may only need sshd.) Put appropriate accesscontrols on the services you do provide. _Then_ consider packetfiltering. Packet filtering is only needed if your machine is afirewall or if you want to restrict services to selected hosts. (It canalso be useful in detecting spoofing.)


T.

Brandon High wrote:

Does anyone have a recommendation of ports that should be blocked (via
ipchains/netfilter/etc) to make a system more secure?

In light of the recent security holes, I did a netstat -an, then lsof -i for
all ports that were listening and/or UDP. I put a filter in the way of
everything that I didn't want externally visible, but UDP port 1028 shows
nothing listening lsof. I blocked it out of principle, but does anyone know
what it might be?

-B



--
Timothy H. Keitt
Department of Ecology and Evolution
State University of New York at Stony Brook
Phone: 631-632-1101, FAX: 631-632-7626
http://life.bio.sunysb.edu/ee/keitt/

Reply to:

References:
- Ports to block?
  - From: Brandon High <armitage@freaks.com>

Prev by Date: Re: Ports to block?
Next by Date: Re: Ports to block?
Previous by thread: Re: Ports to block?
Next by thread: Re: Ports to block?
Index(es):
- Date
- Thread