ports

  • Thread starter Thread starter Peter Seiler
  • Start date Start date
P

Peter Seiler

which ports (#) should normally be closed (within a firewal programm)
for general security reasons?

Windows XP HOME SP1, Outpost Pro firewall, BitDefender Pro, Netscape,
sometimes/rarely MSIE/MSOE.

THX in advance for any recommendations/hints.
 
TCP/UDP Ports 135 ~ 139 and 445.

Dave



|
| which ports (#) should normally be closed (within a firewal programm)
| for general security reasons?
|
| Windows XP HOME SP1, Outpost Pro firewall, BitDefender Pro, Netscape,
| sometimes/rarely MSIE/MSOE.
|
| THX in advance for any recommendations/hints.
|
| --
| by(e) PS
|
 
Peter Seiler said:
which ports (#) should normally be closed (within a firewal programm)
for general security reasons?
Click to expand...

You can, if you've the mind to, work the other way, and close all incoming
ports, but leave the outgoing ones open, then open those incoming ports you
need.
 
David H. Lipman - 27.11.2003 14:05 :

TCP/UDP Ports 135 ~ 139 and 445.

Dave



|
| which ports (#) should normally be closed (within a firewal programm)
| for general security reasons?
|
| Windows XP HOME SP1, Outpost Pro firewall, BitDefender Pro, Netscape,
| sometimes/rarely MSIE/MSOE.
|
| THX in advance for any recommendations/hints.
|
| --
| by(e) PS
|
Click to expand...
THX Dave for your kind recommendation/hint. I'll give it a go.
 
Peter said:
which ports (#) should normally be closed (within a firewal programm)
for general security reasons?
Click to expand...

all of them... then open the ones that you really, really need...

(though i find that i almost never need any open)
 
ALL of them apart from the ones you need. It depends up on software and
services you use which ones you will open up. Best to use firewall that can
close all and allow only specific software to connect using specific
protocols to specific addresses, possibly only when a specific user is
logged on.

http://sourceforge.net/projects/tdifw is an example of a free and open
source firewall that meets all these requirements. It protected me well
through the rough msblast storm while friends and colleagues using trash
like ZoneAlarm, NIS etc. all were 'infected'.

Since it's rather user unfriendly I wrote a GUI front end for it myself
allowing me to configure it, read logfiles and start and stop services, but
notepad will do fine as well ... Does NOT stealth though which is overrated
anyway IMO.
 
Back
Top