It is most secure to block everything and only open the ports that are
absolutely necessary.
They can only attack what they can see.
If you run a web server then open port 80 tcp, if you have SMTP inbound
email then open port 25 tcp, if you run your own DNS for your domain
then open port 53 udp.
Block all inbound TCP connections with the SYN flag (ipchains -y) apart
from the services above, but look out for FTP, since it may require a
connection from port 20 on the remote host to your port >1024 with a SYN
packet. You can block inbound connections with a SYN flag to everything
below 1024 and to any internal service ports above 1024, like 8080/3128
proxy servers.
If you disable ICMP pings then you can hide from most scans.
Steve Ball
Brandon High wrote:
> Does anyone have a recommendation of ports that should be blocked (via
> ipchains/netfilter/etc) to make a system more secure?
>
> In light of the recent security holes, I did a netstat -an, then lsof -i for
> all ports that were listening and/or UDP. I put a filter in the way of
> everything that I didn't want externally visible, but UDP port 1028 shows
> nothing listening in lsof. I blocked it out of principle, but does anyone know
> what it might be?
>
> -B
>
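The policy Steve describes, modelled as a first-match rule list so the ordering (accept the few services first, then refuse new SYN connections, default deny) can be checked against sample packets. This is an added illustration, not code from the thread or from ipchains; the Packet and Rule classes, the port numbers beyond those in the thread, and the sample packets are constructed assumptions.

```python
# Added example: first-match model of the inbound policy from the thread (default
# deny; open 80/tcp, 25/tcp, 53/udp; ftp-data from remote port 20 to local ports
# >1024; no SYN to <1024 or 8080/3128; drop ICMP echo). Packets are constructed.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str             # "tcp", "udp" or "icmp"
    dport: int = 0         # destination port (unused for icmp)
    sport: int = 0         # source port
    syn: bool = False      # TCP SYN without ACK: a new inbound connection
    icmp_type: int = -1    # 8 = echo-request

@dataclass(frozen=True)
class Rule:
    action: str                     # "accept" or "drop"
    proto: str
    dports: tuple = (1, 65535)      # inclusive destination-port range
    sport: Optional[int] = None     # require this source port, if set
    syn: Optional[bool] = None      # True: SYN only, False: non-SYN only
    icmp_type: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if p.proto != self.proto:
            return False
        if self.proto == "icmp":
            return self.icmp_type is None or p.icmp_type == self.icmp_type
        lo, hi = self.dports
        if not lo <= p.dport <= hi:
            return False
        if self.sport is not None and p.sport != self.sport:
            return False
        return self.syn is None or p.syn == self.syn

INBOUND = [
    Rule("accept", "tcp", (80, 80)),                           # web server
    Rule("accept", "tcp", (25, 25)),                           # inbound SMTP
    Rule("accept", "udp", (53, 53)),                           # own DNS
    Rule("accept", "tcp", (1024, 65535), sport=20, syn=True),  # ftp-data
    Rule("drop", "tcp", (1, 1023), syn=True),                  # no new conns <1024
    Rule("drop", "tcp", (8080, 8080), syn=True),               # internal proxy
    Rule("drop", "tcp", (3128, 3128), syn=True),               # internal proxy
    # Stateless filtering: non-SYN replies to our own outbound connections
    # (ephemeral ports) must be let in explicitly, which is its weak spot.
    Rule("accept", "tcp", (1024, 65535), syn=False),
    Rule("drop", "icmp", icmp_type=8),                         # hide from ping scans
]
def decide(p: Packet, rules=INBOUND, default: str = "drop") -> str:
    for r in rules:            # first matching rule wins
        if r.matches(p):
            return r.action
    return default             # nothing matched: the "block everything" policy
```

Anything not explicitly opened, such as the UDP port 1028 Brandon asks about, falls through to the default drop.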