[unisog] Ports to Block, con't

Pete Hickey pete at shadows.uottawa.ca
Wed Jun 5 21:10:58 GMT 2002


On Tue, Jun 04, 2002 at 06:36:44PM -0400, Phil.Rodrigues at uconn.edu wrote:

> on.  Does anyone care to share what ports they block at their institution? 
>  We are trying to find an ideal compromise between ports with very few 
> legitimate purposes and very large vulnerabilities - the fewer the better 
> IMHO.

There are exceptions for selected machines, but the default ruleset
blocks:

25, 98, 111, 135-139, 161, 445, 515, 1080,
1900, 5000, 6112, 23728, 27374.

It is easy to keep a port blocked, but not so easy to get it blocked.

I am also blocking almost all UDP ports too.  Fortunately, many years
ago, we were attacked and everyone understood why I was blocking UDP
at the time.  I've been able to keep those rules in place.

My advice?  If you have a chance to block ports, block as many as
you can while you have the chance.

-- 
Pete Hickey               |                         |       VEIWIT
Communication Services    | Pete at mudhead.uottawa.CA |   Makers of transparent
University of Ottawa      |                         |      mirrors for
Ottawa,Ont. Canada K1N 6N5|  (613) 562-5800x1008    |       dyslexics.
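A small model of the policy Pete describes (added example, not his ruleset): the TCP list and the UDP default come from the message above, while the exception hosts and addresses are constructed sample values.

```python
"""Default-deny port policy as described in the post: a fixed TCP block list,
UDP blocked by default, and per-machine exceptions that override the default."""
from ipaddress import ip_address, ip_network

# TCP ports the post says the default ruleset blocks ("135-139" is a range).
BLOCKED_TCP_SPEC = "25, 98, 111, 135-139, 161, 445, 515, 1080, 1900, 5000, 6112, 23728, 27374"

# Constructed example exceptions (not from the post): (network, protocol, port).
EXCEPTIONS = [
    (ip_network("192.0.2.10/32"), "tcp", 25),   # sample mail relay may take SMTP
    (ip_network("192.0.2.0/24"), "udp", 53),    # sample resolver range may take DNS
]


def parse_ports(spec: str) -> set[int]:
    """Expand '25, 135-139' into {25, 135, 136, 137, 138, 139}."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if "-" in item:
            lo, hi = (int(x) for x in item.split("-"))
            ports.update(range(lo, hi + 1))
        else:
            ports.add(int(item))
    return ports


BLOCKED_TCP = parse_ports(BLOCKED_TCP_SPEC)


def decision(dst_ip: str, proto: str, dst_port: int) -> str:
    """Return 'allow' or 'block' for an inbound flow to dst_ip:dst_port."""
    addr = ip_address(dst_ip)
    for net, ex_proto, ex_port in EXCEPTIONS:
        if addr in net and proto == ex_proto and dst_port == ex_port:
            return "allow"  # a selected-machine exception wins over the default
    if proto == "udp":
        return "block"      # "almost all UDP ports" are blocked by default
    if proto == "tcp" and dst_port in BLOCKED_TCP:
        return "block"
    return "allow"


if __name__ == "__main__":
    for flow in [("192.0.2.10", "tcp", 25), ("192.0.2.11", "tcp", 25),
                 ("192.0.2.11", "udp", 53), ("198.51.100.5", "udp", 161)]:
        print(flow, decision(*flow))
```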
