[unisog] Ports to Block, con't
joem at nist.gov
Wed Jun 5 12:40:10 GMT 2002
At 06:36 PM 6/4/02, Phil.Rodrigues at uconn.edu wrote:
> Does anyone care to share what ports they block at their institution?
> We are trying to find an ideal compromise between ports with very few
>legitimate purposes and very large vulnerabilities - the fewer the better
Port 111 and the MS ports are a no brainer. We also currently block 1433
because of the sqlsnake and its variants. Port 27374 seems to still be a
popular MS Trojan port for scans so there must be some level of infection
out there. P2P ports such as 1214 is a judgement call. We basically block
and unblock ports depending on the risks we see out there.
More information about the unisog