
Re: Ports to block?

At 03:27 AM 4/6/2001 +0200, you wrote:
On Thu, Apr 05, 2001 at 01:40:54PM -0700, Eric N. Valor wrote:
> I work from a default-deny stance.  Usual things to then allow in would be
> 25 (smtp), 80 (http), 22 (ssh, although be careful here), 53-UDP (DNS, if

This strikes me as odd, warning to be careful with ssh in the same
sentence where http and bind are mentioned without any warnings.
Or am I missing something?

Well, most folks like to connect to the Web, so port 80 is a must for that (it's 2-way on the same port). 53 is required only if you're running BIND so other servers can make information requests. But I warned about SSH because unless you're checking logs or have some other reporting system it's a way for someone to brute-force into your system. I've seen way too many bad username/password combinations and quite a lack of vigilance to not put up a warning. Also, there was an exploit put out on BugTraq a while ago regarding SSH-1. I use ssh on my external systems, but only where the security requirement is medium-low. Even then I make it a point to keep my eye on the logs. And an IDS isn't a bad idea, either.

Eric N. Valor
Lutris Technologies

- This Space Intentionally Left Blank -
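The reply above conditions its SSH advice on someone actually checking the logs for brute-force attempts. As an added illustration of what that check can look like, not code from the original mail or from either poster, here is a small Python script that parses sshd "Failed password" lines in the common syslog format (the format and the threshold of 5 failures per source are assumptions) and reports the sources that keep hammering the daemon with different usernames. The log lines are constructed samples using documentation address ranges.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (syslog format); these are not from the
# original mail. Source addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Apr  6 03:27:01 gw sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Apr  6 03:27:03 gw sshd[1235]: Failed password for root from 192.0.2.10 port 40002 ssh2
Apr  6 03:27:05 gw sshd[1236]: Failed password for invalid user test from 192.0.2.10 port 40003 ssh2
Apr  6 03:27:07 gw sshd[1237]: Failed password for invalid user oracle from 192.0.2.10 port 40004 ssh2
Apr  6 03:27:09 gw sshd[1238]: Failed password for invalid user guest from 192.0.2.10 port 40005 ssh2
Apr  6 03:27:11 gw sshd[1239]: Failed password for invalid user admin from 192.0.2.10 port 40006 ssh2
Apr  6 03:28:30 gw sshd[1240]: Failed password for eric from 198.51.100.7 port 50000 ssh2
Apr  6 03:28:41 gw sshd[1241]: Accepted publickey for eric from 198.51.100.7 port 50001 ssh2
Apr  6 03:29:00 gw sshd[1242]: Failed password for root from 203.0.113.5 port 60000 ssh2
Apr  6 03:29:02 gw sshd[1243]: Failed password for root from 203.0.113.5 port 60001 ssh2
"""

# Matches the OpenSSH "Failed password" message; the "invalid user" prefix is
# optional because sshd only emits it for names that do not exist locally.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def failed_logins(log_text):
    """Yield (source_ip, username) for every 'Failed password' line in the log."""
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            yield m.group("ip"), m.group("user")


def summarize_failures(log_text):
    """Per source address: number of failed attempts and the distinct usernames tried."""
    attempts = defaultdict(int)
    users = defaultdict(set)
    for ip, user in failed_logins(log_text):
        attempts[ip] += 1
        users[ip].add(user)
    return {ip: {"attempts": attempts[ip], "users": sorted(users[ip])} for ip in attempts}


def flag_brute_force(log_text, max_failures=5):
    """Return only the sources whose failure count reaches max_failures.

    The threshold is an assumed value; a single mistyped password (198.51.100.7
    in the sample) should not trip it, a run of guesses against many accounts should.
    """
    return {ip: s for ip, s in summarize_failures(log_text).items()
            if s["attempts"] >= max_failures}


if __name__ == "__main__":
    for ip, s in flag_brute_force(SAMPLE_LOG).items():
        print(f"{ip}: {s['attempts']} failed logins, usernames tried: {', '.join(s['users'])}")
```

Run against a real auth log the same way, reading the file instead of SAMPLE_LOG; the distinct-username list is the useful signal, since one source cycling through admin, root, test and the like is the pattern the mail describes, whereas a single user fumbling a password is noise.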
