Educause Security Discussion mailing list archives
Re: Internet ingress port-blocking
From: Brian Epstein <bepstein () IAS EDU>
Date: Thu, 17 Aug 2017 14:43:37 -0400
Brian,

We default block all and then allow only ports to specific hosts on a need by need basis. From a routing point of view, we do block RFC1918 and multicast inbound.

Outbound is a different story. At this point, we only block two services outbound, port 25 for smtp and udp/tcp port 53 for DNS. We want to ensure our users are going through our protected servers for these services.

Thanks,
Brian

On 08/17/2017 11:53 AM, Brian Helman wrote:
We are reviewing the rulesets on our ingress routers from the Internet. I’d like to ask what general ports/applications/services/etc. are people blocking? I’m not talking about specific DDoS hosts/subnets or the like, just general practice (e.g. blocking RFC 1918 addresses coming from the Internet).

Thanks,
Brian

(x-posting to the NETMAN list as well)

Brian Helman, M.Ed | Director, ITS/Networking Services | 978.542.7272
Salem State University, 352 Lafayette St., Salem Massachusetts 01970
GPS: 42.502129, -70.894779

--
Brian Epstein <bepstein () ias edu>
+1 609-734-8179
Manager, Network and Security
Institute for Advanced Study
Key fingerprint = A6F3 9F5A 26C5 5847 79ED C34C C0E5 244A 55CA 2B78

Attachment:
signature.asc
Description: OpenPGP digital signature
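
The edge policy described in the message above, modelled as an added example; it is not part of the original post and not the author's configuration. It evaluates new IPv4 flows only (no connection tracking). The addresses, the inbound exception list, the protected-server set, and the treatment of multicast as either source or destination are assumptions made for illustration.

```python
# Added example: a model of the filtering policy described in the message above.
# All addresses, the allowlist and the server set are constructed sample values.
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MULTICAST = ip_network("224.0.0.0/4")

# Inbound exceptions: (destination host, protocol, port) opened on request.
INBOUND_ALLOW = {("198.51.100.10", "tcp", 443), ("198.51.100.25", "tcp", 25)}
# Assumption: the site's own mail relay and resolver are exempt from the outbound blocks.
PROTECTED_SERVERS = {"198.51.100.25", "198.51.100.53"}
OUTBOUND_BLOCK = {("tcp", 25), ("tcp", 53), ("udp", 53)}


def decide(direction, src, dst, proto, dport):
    """Return (verdict, reason) for one new IPv4 flow crossing the Internet edge."""
    s, d = ip_address(src), ip_address(dst)
    if direction == "in":
        if any(s in net for net in RFC1918):
            return "drop", "RFC1918 source from Internet"
        # Assumption: multicast is dropped whether it appears as source or destination.
        if s in MULTICAST or d in MULTICAST:
            return "drop", "multicast from Internet"
        if (str(d), proto, dport) in INBOUND_ALLOW:
            return "accept", "listed host/port exception"
        return "drop", "default deny"
    if direction == "out":
        if (proto, dport) in OUTBOUND_BLOCK and str(s) not in PROTECTED_SERVERS:
            return "drop", "SMTP/DNS must go through protected servers"
        return "accept", "outbound default allow"
    raise ValueError(f"unknown direction: {direction!r}")


if __name__ == "__main__":
    samples = [  # constructed flows: (direction, src, dst, proto, dport)
        ("in", "10.1.2.3", "198.51.100.10", "tcp", 443),
        ("in", "203.0.113.7", "198.51.100.10", "tcp", 443),
        ("in", "203.0.113.7", "198.51.100.10", "tcp", 22),
        ("out", "198.51.100.77", "203.0.113.53", "udp", 53),
        ("out", "198.51.100.53", "203.0.113.53", "udp", 53),
    ]
    for flow in samples:
        print(flow, "->", decide(*flow))
```
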