[Dshield] new: Firewall log and rules

Bjorn Stromberg bjorn at thechemistrylab.com
Thu Oct 2 17:24:46 GMT 2003

----- Original Message ----- 
From: "Kenneth Coney" <superc at visuallink.com>
To: <list at dshield.org>
Sent: Thursday, October 02, 2003 9:31 AM
Subject: Re: Re: [Dshield] new: Firewall log and rules

> First, many people getting the list are not computer professionals and
> have little idea what a port is and they are reading this in the hopes of
> learning something.  Some might not even have a firewall, much less know
> about the existence of firewall rules.

I sincerely hope that people on the DShield mailing list know what a
firewall is and what firewall rules are, as this is a mailing list for
people submitting their firewall logs to DShield.

> I don't think my version of Norton does.

If you'd like some help configuring your firewall, this would be a good
place to start. What version of Norton Firewall do you have?

> About blocking something called "Class A and B netblocks,"  Why not?

I said it was your choice and that in my opinion it was a bad idea. You
don't have to justify it to me.

I gave you a suggestion about how to configure your firewall that I think
would help you save a lot of time and effort in the future. Learning about
the services you use every day and the ports you want to open lets you
understand all kinds of new things about the way your computer behaves. If
you block everything by default and only open the ones you need, you won't
need to learn about all the ports you don't use and will consequently save
a lot of time and frustration.

If you want answers to your questions, try making them a little more

* What services use port 1434?
* Why am I getting so many hits on port 901?
* Is there any reason I don't want to block port 17300?
* How do I configure Norton Personal Firewall to block everything and only
allow port 80 and 21 through? ;)

> If others know of a site that lists the port numbers and what
> specific programs (as opposed to useless terms like SQL and FODMS FLIP)
> what specific port numbers, that too would probably be helpful.

http://www.seifried.org/security/ports/ (SQL is not a useless term)

And if you're not interested in my suggestions, you're more than welcome to
ignore them.

Bjorn Stromberg
Mid-Continent Testing Laboratories, Inc.

