
Re: Ports to block?



On Fri, Apr 06, 2001 at 10:39:47AM -0700, Eric N. Valor wrote:
<snip>
> Well, most folks like to connect to the Web, so port 80 is a must for that 
> (it's 2-way on the same port).  53 is required only if you're running BIND 

Is that true? I only block *incoming* port 80, but I'm still able to surf
the web. Remember that when your browser talks to the web server, it will
be using a normal (i.e. > 1023) port locally, not port 80. 

> so other servers can make information requests.  But I warned about SSH 
> because unless you're checking logs or have some other reporting system 
> it's a way for someone to brute-force into your system.  I've seen way too 
> many bad username/password combinations and quite a lack of vigilance to 
> not put up a warning.  Also, there was an exploit put out on BugTraq a 

If you set "PasswordAuthentication no" in /etc/ssh/sshd_config, then
even brute-force hacking of passwords will fail.

> while ago regarding SSH-1.  I use ssh on my external systems, but only 
> where the security requirement is medium-low.  Even then I make it a point 
> to keep my eye on the logs.  And an IDS isn't a bad idea, either.
> 

-- 
Karl E. Jørgensen
karl@jorgensen.com
www.karl.jorgensen.com
==== Today's fortune:
 __________________________________________________________________________
/\                                                                         \
\_| I have hardly ever known a mathematician who was capable of reasoning. |
  |                 -- Plato                                               |
  |   _____________________________________________________________________|_
   \_/_______________________________________________________________________/

Attachment: pgpZSTLWflqzl.pgp
Description: PGP signature
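The "PasswordAuthentication no" advice above is sound, but one line in sshd_config is not the whole story: on an sshd built with PAM, keyboard-interactive authentication (ChallengeResponseAuthentication, later renamed KbdInteractiveAuthentication, with the old name kept as an alias) can still prompt for a password, sshd's compiled-in default for these directives is "yes" when they are missing, and a later Match block can re-enable what the globals turned off. The script below is an added example, not part of the original message or of OpenSSH; it audits a config file for exactly those three things. The three sample files it writes to a temporary directory are constructed for the demonstration, and the function names (effective_value, match_reenables, audit) are this example's own.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings that actually switch
# off password-based logins. Not OpenSSH's own tooling; see the lead-in.

# effective_value FILE DIRECTIVE [ALIAS]
# Prints the value of the first uncommented global occurrence of DIRECTIVE
# (or its ALIAS), lower-cased. sshd uses the first match, so we stop there.
# Directives after a Match line are conditional and are not globals.
# When nothing is set, sshd's compiled-in default applies, which is "yes"
# for every directive this script cares about.
effective_value() {
    val=$(awk -v d1="$2" -v d2="${3:-}" '
        { gsub(/=/, " ") }                       # allow "Key = value" spelling
        /^[[:space:]]*#/ || NF == 0 { next }     # comments and blank lines
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == tolower(d1) || (d2 != "" && tolower($1) == tolower(d2)) {
            print tolower($2); exit
        }
    ' "$1")
    printf '%s\n' "${val:-yes}"
}

# match_reenables FILE
# Exit status 0 if any Match block sets one of the password-related
# directives back to "yes", 1 otherwise.
match_reenables() {
    awk '
        { gsub(/=/, " ") }
        /^[[:space:]]*#/ || NF == 0 { next }
        tolower($1) == "match" { inmatch = 1; next }
        inmatch && tolower($2) == "yes" &&
            (tolower($1) == "passwordauthentication" ||
             tolower($1) == "challengeresponseauthentication" ||
             tolower($1) == "kbdinteractiveauthentication") { found = 1; exit }
        END { exit !found }
    ' "$1"
}

# audit FILE
# Exit status 0 when the file accepts no password logins at all, 1 otherwise.
audit() {
    rc=0
    pw=$(effective_value "$1" PasswordAuthentication)
    ki=$(effective_value "$1" KbdInteractiveAuthentication ChallengeResponseAuthentication)
    [ "$pw" = "no" ] || { echo "FAIL $1: PasswordAuthentication is '$pw' (absent means yes)"; rc=1; }
    [ "$ki" = "no" ] || { echo "FAIL $1: keyboard-interactive auth is '$ki'; PAM can still ask for a password"; rc=1; }
    if match_reenables "$1"; then
        echo "FAIL $1: a Match block re-enables password or keyboard-interactive auth"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $1: no password-based logins possible"
    return "$rc"
}

# Constructed sample configs (not real hosts). They are left in $TMP.
TMP=$(mktemp -d)
WEAK=$TMP/weak.conf
HARDENED=$TMP/hardened.conf
MATCH_HOLE=$TMP/match_hole.conf

# Distribution-style file: everything commented out, so defaults (yes) apply.
cat > "$WEAK" <<'EOF'
# constructed sample: shipped defaults left in place
Port 22
#PasswordAuthentication yes
#ChallengeResponseAuthentication yes
UsePAM yes
EOF

# Both directives set, no conditional re-enabling.
cat > "$HARDENED" <<'EOF'
# constructed sample: key-only logins
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
EOF

# Globals look fine, but a Match block opens passwords for one address range.
cat > "$MATCH_HOLE" <<'EOF'
# constructed sample: hardened globals, undone by a Match block
PasswordAuthentication no
ChallengeResponseAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
EOF

for f in "$WEAK" "$HARDENED" "$MATCH_HOLE"; do
    audit "$f" || :
done
```

On a live host the authoritative check is `sshd -T | grep -i -e passwordauthentication -e kbdinteractiveauthentication`, which prints the values sshd will actually use, including anything pulled in through Include files, which this script does not follow. Before turning passwords off, confirm that the key you will log in with already works in a second session, or the next login failure will be your own.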