[unisog] Ports to Block, con't

Joe Matusiewicz joem at nist.gov
Wed Jun 5 12:40:10 GMT 2002


At 06:36 PM 6/4/02, Phil.Rodrigues at uconn.edu wrote:
>Hi all,
>
>  Does anyone care to share what ports they block at their institution?
>  We are trying to find an ideal compromise between ports with very few
>legitimate purposes and very large vulnerabilities - the fewer the better
>IMHO.


Port 111 and the MS ports are a no brainer.  We also currently block 1433 
because of the sqlsnake and its variants.  Port 27374 seems to still be a 
popular MS Trojan port for scans so there must be some level of infection 
out there.  P2P ports such as 1214 is a judgement call.  We basically block 
and unblock ports depending on the risks we see out there.

-- Joe



More information about the unisog mailing list