I work from a default-deny stance. Usual things to then allow in would be
25 (smtp), 80 (http), 22 (ssh, although be careful here), 53-UDP (DNS, if
you have bind running), and various ICMP (echo-reply/request,
source-quench, destination-unreachable, time-exceeded, and
parameter-problem are good ones).

I deny and log pretty much everything else, although I do have special DENY
rules for stuff like NetBIOS (137/138) so they don't hit the trap line at
the end which logs everything not caught above, filling up my logs.

I believe the 1028-UDP port you're talking about is the syslogd talking to
itself (you'll notice it's on the loopback address [127.0.0.1] and
established to Port 514, which is the syslog port). If you've got an
external address talking to your syslog port.. well... good luck.

At 12:57 PM 4/5/2001 -0700, Brandon High wrote:
>Does anyone have a recommendation of ports that should be blocked (via
>ipchains/netfilter/etc) to make a system more secure?
>
>In light of the recent security holes, I did a netstat -an, then lsof -i for
>all ports that were listening and/or UDP. I put a filter in the way of
>everything that I didn't want externally visible, but UDP port 1028 shows
>nothing listening in lsof. I blocked it out of principle, but does anyone know
>what it might be?
>
>-B
>
>--
>Brandon High [EMAIL PROTECTED]
>We are Homer of Borg. Resistance is ... Ooo! Donuts!
>
>
>
>--
>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
--
Eric N. Valor
Webmeister/Inetservices
Lutris Technologies
[EMAIL PROTECTED]
- This Space Intentionally Left Blank -
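Added example, not part of the original message: the policy described in the reply above, written as an iptables-restore ruleset with the quiet NetBIOS drop placed ahead of the logging trap. The loopback, ESTABLISHED/RELATED and FORWARD lines, udp as the protocol for 137/138, the ssh source restriction, the log prefix and ADMIN_NET (192.0.2.0/24, a constructed placeholder) are assumptions that do not come from the thread.

```shell
#!/bin/sh
# Added example: prints a ruleset only; it changes no firewall state itself.
# To load it (as root):  sh ruleset.sh | iptables-restore
ADMIN_NET="192.0.2.0/24"   # constructed placeholder: hosts allowed to reach ssh

emit_rules() {
    # Default-deny: anything not accepted below is dropped by chain policy.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
EOF
    # Assumptions (not in the post): loopback and reply traffic are accepted.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Services named in the post: smtp and http open to everyone.
    for port in 25 80; do
        echo "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    # ssh ("be careful here"): limited to an admin network as one option.
    echo "-A INPUT -p tcp -s $ADMIN_NET --dport 22 -j ACCEPT"
    echo "-A INPUT -p udp --dport 53 -j ACCEPT"
    # The ICMP types listed in the post.
    for t in echo-reply echo-request source-quench \
             destination-unreachable time-exceeded parameter-problem; do
        echo "-A INPUT -p icmp --icmp-type $t -j ACCEPT"
    done
    # Quiet drop: NetBIOS noise must match here, before the trap line,
    # or every such packet ends up in the log (udp is an assumption).
    echo "-A INPUT -p udp --dport 137:138 -j DROP"
    # Trap line: log whatever is left; the DROP policy then discards it.
    echo "-A INPUT -j LOG --log-prefix \"fw-trap: \""
    echo "COMMIT"
}

# 1-based line number of the first emitted rule containing the pattern.
rule_pos() { emit_rules | grep -n -e "$1" | head -n 1 | cut -d: -f1; }

# Succeeds only if the quiet NetBIOS drop precedes the logging trap.
check_order() {
    quiet=$(rule_pos 'dport 137:138 -j DROP')
    trap_line=$(rule_pos '-j LOG')
    [ -n "$quiet" ] && [ -n "$trap_line" ] && [ "$quiet" -lt "$trap_line" ]
}

emit_rules
check_order || echo "warning: NetBIOS drop is not ahead of the trap" >&2
```

Rule order is what keeps the log usable: netfilter evaluates a chain top to bottom, so moving the 137:138 line below the LOG rule would log every NetBIOS packet before dropping it.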