Re: Ports to block?
At 03:27 AM 4/6/2001 +0200, you wrote:
On Thu, Apr 05, 2001 at 01:40:54PM -0700, Eric N. Valor wrote:
> I work from a default-deny stance. Usual things to then allow in would be
> 25 (smtp), 80 (http), 22 (ssh, although be careful here), 53-UDP (DNS, if
This strikes me as odd, warning to be careful with ssh in the same
sentence where http and bind are mentioned without any warnings.
Or am I missing something?
Well, most folks like to connect to the Web, so port 80 is a must for that
(it's 2-way on the same port). 53 is required only if you're running BIND
so other servers can make information requests. But I warned about SSH
because unless you're checking logs or have some other reporting system
it's a way for someone to brute-force into your system. I've seen way too
many bad username/password combinations and quite a lack of vigilance to
not put up a warning. Also, there was an exploit put out on BugTraq a
while ago regarding SSH-1. I use ssh on my external systems, but only
where the security requirement is medium-low. Even then I make it a point
to keep my eye on the logs. And an IDS isn't a bad idea, either.
Eric N. Valor
- This Space Intentionally Left Blank -
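The log-watching point in the post above (an exposed port 22 is only as safe as your attention to failed logins), as an added example that is not part of Eric's message or the list thread: a small Python checker over constructed sshd syslog lines. The hostnames, usernames and addresses in the sample are made up, the threshold and window are assumed values, and the "success after a burst of failures" flag is the editor's own heuristic for which hits to look at first.

```python
"""Flag SSH password brute-force attempts in classic sshd syslog output.

Added example for this thread, not code from the original post.
"""
import re
from collections import defaultdict
from datetime import datetime

# Matches the two sshd line shapes we care about: failed and accepted logins.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed password|Accepted password|Accepted publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample lines (RFC 5737 test addresses, invented host/users).
SAMPLE_AUTH_LOG = """\
Apr  6 03:10:01 gw sshd[1201]: Failed password for root from 203.0.113.7 port 40212 ssh2
Apr  6 03:10:03 gw sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 40214 ssh2
Apr  6 03:10:05 gw sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 40216 ssh2
Apr  6 03:10:08 gw sshd[1204]: Failed password for invalid user oracle from 203.0.113.7 port 40218 ssh2
Apr  6 03:10:11 gw sshd[1205]: Failed password for root from 203.0.113.7 port 40220 ssh2
Apr  6 03:10:14 gw sshd[1206]: Accepted password for root from 203.0.113.7 port 40222 ssh2
Apr  6 03:15:40 gw sshd[1210]: Failed password for eric from 198.51.100.23 port 51002 ssh2
Apr  6 03:15:47 gw sshd[1211]: Accepted publickey for eric from 198.51.100.23 port 51004 ssh2
Apr  6 04:02:19 gw sshd[1300]: Failed password for root from 192.0.2.99 port 33001 ssh2
Apr  6 04:42:19 gw sshd[1301]: Failed password for root from 192.0.2.99 port 33002 ssh2
"""


def parse_line(line, year=2001):
    """Return (timestamp, result, user, source) or None for lines we ignore.

    Classic syslog timestamps carry no year, so one is assumed (2001 here).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["src"]


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {source: report} for sources with >= threshold failed
    passwords inside any window_seconds span.

    The report also records the usernames tried and whether a successful
    login from the same source came after the first failure, which is the
    case to treat as a probable compromise rather than a mere attempt.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            events[parsed[3]].append(parsed)

    findings = {}
    for src, evs in events.items():
        evs.sort()
        failures = [e for e in evs if e[1] == "Failed password"]
        if not failures:
            continue
        # Sliding window over failure timestamps: largest burst seen.
        best, j = 0, 0
        for i in range(len(failures)):
            while (failures[i][0] - failures[j][0]).total_seconds() > window_seconds:
                j += 1
            best = max(best, i - j + 1)
        if best < threshold:
            continue
        first_fail = failures[0][0]
        success_after = any(
            e[1].startswith("Accepted") and e[0] >= first_fail for e in evs
        )
        findings[src] = {
            "failures": len(failures),
            "max_in_window": best,
            "users": sorted({e[2] for e in failures}),
            "success_after": success_after,
        }
    return findings


if __name__ == "__main__":
    for src, report in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        print(src, report)
```

A single typo'd password followed by a key login (198.51.100.23 in the sample) is not reported, and two root failures forty minutes apart (192.0.2.99) only show up if the window is widened; the burst from 203.0.113.7 ending in an accepted root password is the one to act on.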