Re: Ports to block?
You don't need to block any ports if you turn off unneeded services in
the first place. (You may only need sshd.) Put appropriate access
controls on the services you do provide. _Then_ consider packet
filtering. Packet filtering is only needed if your machine is a
firewall or if you want to restrict services to selected hosts. (It can
also be useful in detecting spoofing.)

Brandon High wrote:
Does anyone have a recommendation of ports that should be blocked (via
ipchains/netfilter/etc) to make a system more secure?
In light of the recent security holes, I did a netstat -an, then lsof -i for
all ports that were listening and/or UDP. I put a filter in the way of
everything that I didn't want externally visible, but UDP port 1028 shows
nothing listening in lsof. I blocked it out of principle, but does anyone know
what it might be?

Timothy H. Keitt
Department of Ecology and Evolution
State University of New York at Stony Brook
Phone: 631-632-1101, FAX: 631-632-7626
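The procedure the thread describes (list what is listening with netstat/lsof, then decide what should be exposed) can be turned into a repeatable check. The script below is an added example, not code from either poster: it parses `netstat -an` style output, treats every TCP socket in LISTEN state and every bound UDP socket as "listening" (UDP has no state, which is exactly why an unexplained UDP port like the one asked about shows up), and prints any proto/port that is not on an allowlist of services you intend to provide. The netstat sample and the allowlist are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of `netstat -an` output (Linux net-tools format);
# not real output from the thread.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:40112      ESTABLISHED
udp        0      0 0.0.0.0:1028            0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*'

# Assumed allowlist: the services this host is meant to expose, as proto/port.
ALLOWED="tcp/22 udp/123"

# listening_sockets: read netstat -an text on stdin and print proto/port for
# every TCP socket in LISTEN state and every UDP socket. The port is taken
# as the last colon-separated field so IPv6 forms like ":::22" also work.
listening_sockets() {
    awk '
        $1 == "tcp" && $6 == "LISTEN" { n = split($4, a, ":"); print $1 "/" a[n] }
        $1 == "udp"                   { n = split($4, a, ":"); print $1 "/" a[n] }
    ' | sort -u
}

# unexpected_listeners ALLOWLIST: print each listening proto/port that is not
# in the space-separated ALLOWLIST. Anything printed is a service to either
# turn off, restrict with access controls, or consciously add to the list.
unexpected_listeners() {
    allowed="$1"
    listening_sockets | while IFS= read -r sock; do
        case " $allowed " in
            *" $sock "*) ;;                 # intended service, skip
            *) printf '%s\n' "$sock" ;;     # not accounted for, report
        esac
    done
}

# Run against the constructed sample; on a live host use:
#   netstat -an | unexpected_listeners "$ALLOWED"
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "$ALLOWED"
```

On the sample this reports `tcp/25` and `udp/1028`: the SMTP listener bound only to loopback is still listed, because the check is about what is listening at all (the author's point about turning services off), not about what is externally reachable; the UDP port appears even though nothing is shown owning it, which is the situation the original question describes. Packet filtering comes after this list is reduced to what you actually intend to run.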