Page 1 of 1
Firewall ports to be blocked or watched
Posted: 2004-09-13 12:07am
by Shinova
Could anyone tell me or point me to a place that gives a basic rundown on which ports I should block or watch for? Like a list of common ports used by viruses, hackers, etc, etc.
Posted: 2004-09-13 12:20am
by Crayz9000
Basic Windows ports that should NEVER be open to the Internet:
135 (Remote Procedure Call)
139 (NetBIOS Session)
445 (Windows NT NetBIOS something or another)
5000 (Universal Plug-and-Play)
Posted: 2004-09-13 12:28am
by Shinova
Thank you!!!! ~waii~
Posted: 2004-09-13 05:17pm
by Darth Wong
Use a "default deny" policy instead of "default allow". Pre-emptively block EVERYTHING right off the bat, and then open up specific ports that you need, one at a time. For example, if you play a particular game and it needs an open port, find out what the port number is and then open up that specific port. That's much safer than trying to guess what ports are likely to be attacked.
Posted: 2004-09-13 06:05pm
by phongn
Yes. All firewall policies should be "deny unless explicitly permitted" rather than vice versa. In fact, the default XP SP2 firewall does just that (and things like Windows Networking is restricted to the current subnet by default as well)
Posted: 2004-09-13 06:25pm
by White Haven
'deny TCP any any' is such a beautiful statement.
Seriously though, when in doubt, block ports, figure out what you broke, and then fix it.
Posted: 2004-09-14 01:13am
by Vertigo1
Note: On some occasions, ICQ will use port 5000 for inbound and outbound traffic.
Posted: 2004-09-14 03:04am
by Dalton
I think there's a link in one of the stickies to a useful mini-tutorial on firewalls that Faram did.