[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Ports to block?

You don't need to block any ports if you turn off unneeded services in the first place. (You may only need sshd.) Put appropriate access controls on the services you do provide. _Then_ consider packet filtering. Packet filtering is only needed if your machine is a firewall or if you want to restrict services to selected hosts. (It can also be useful in detecting spoofing.)


Brandon High wrote:

Does anyone have a recommendation of ports that should be blocked (via
ipchains/netfilter/etc) to make a system more secure?

In light of the recent security holes, I did a netstat -an, then lsof -i for
all ports that were listening and/or UDP. I put a filter in the way of
everything that I didn't want externally visible, but UDP port 1028 shows
nothing listening lsof. I blocked it out of principle, but does anyone know
what it might be?


Timothy H. Keitt
Department of Ecology and Evolution
State University of New York at Stony Brook
Phone: 631-632-1101, FAX: 631-632-7626

Reply to: