Security Basics mailing list archives
RE: Which ports to block?
From: "Hamish Stanaway" <koremeltdown () hotmail com>
Date: Tue, 27 Jul 2004 09:04:47 +0000
Hi there Ferino,It sounds as though you are running a web server from this box - please forgive me if I am wrong. If this server is a shared web hosting situation (e.g. a web hosting provider), it would be better to block all ports other than the ones you intend to use. The reason I say this is because users can run things you may not want off them, e.g. IRC bots, DDOS tools etc. If the server is for your own personal use/the server has one user, I would still suggest blocking all ports accept those that you are using. The reason I say this is that it offers one more level of protection that a potential intruder has to go around should the box be compremised (e.g. a hacker/cracker exploits some software you were too slow to patch or a 0day exploit was used, blocking that outgoing port might be one way that could stop a rootkit should they try to use one). This will not stop all hackers/crackers, but it is a good way to slow them down, or discourage the less knowledgable ones. Please feel frere to correct me if I am wrong, I am always open to learn something new.
Kindest of regards, Hamish Stanaway, CEO Absolute Web Hosting / -= KoRe WoRkS Internet Security Auckland, New Zealand http://www.webhosting.net.nz http://www.buywebhosting.co.nz http://www.koreworks.com
From: "Ferino Mardo" <RMardo () ALJOMAIHBEV com> To: <security-basics () securityfocus com> Subject: Which ports to block? Date: Sat, 24 Jul 2004 11:03:50 +0300 MIME-Version: 1.0Received: from outgoing3.securityfocus.com ([205.206.231.27]) by mc6-f28.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Mon, 26 Jul 2004 21:04:20 -0700 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid 5574723A2D6; Mon, 26 Jul 2004 10:27:36 -0600 (MDT)Received: (qmail 23968 invoked from network); 24 Jul 2004 01:29:50 -0000 X-Message-Info: 6sSXyD95QpUe2rCKAwKl3A1Pjb8q//n5 Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <security-basics.list-id.securityfocus.com> List-Post: <mailto:security-basics () securityfocus com> List-Help: <mailto:security-basics-help () securityfocus com> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com> Delivered-To: mailing list security-basics () securityfocus com Delivered-To: moderator for security-basics () securityfocus com content-class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0Message-ID: <CF5A9B0BDDBF4341BB10ED79437247836471C8 () pepserv ALJOMAIHBEV COM>X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Which ports to block? Thread-Index: AcRxVMCUyiRgs3sJQmm0PB43Ie3tSA==Return-Path: security-basics-return-29422-koremeltdown=hotmail.com () securityfocus com X-OriginalArrivalTime: 27 Jul 2004 04:04:21.0125 (UTC) FILETIME=[CB942350:01C4738E]In setting up a "deny all" rule from a firewall, is it safe to block ports 0 to 65535 or only up to 1023? My interest are only to allow port 53 udp, 25, and 80. --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-fieldpen testing experience in our state of the art hacking lab. Master the skillsof an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
_________________________________________________________________Is your PC infected? Get a FREE online computer virus scan from McAfee® Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
---------------------------------------------------------------------------Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Current thread:
- Which ports to block? Ferino Mardo (Jul 26)
- Re: Which ports to block? mike (Jul 26)
- RE: Which ports to block? Ed Spencer (Jul 26)
- Re: Which ports to block? steve (Jul 26)
- Re: Which ports to block? VHP3 (Jul 27)
- <Possible follow-ups>
- RE: Which ports to block? Barber, Chris Mr. ATEC/Contractor (Jul 26)
- RE: Which ports to block? Hamish Stanaway (Jul 27)
- RE: Which ports to block? Ferino Mardo (Jul 27)
- RE: Which ports to block? Majed Mohammed Ayoub Al-Shodari (Jul 27)