
Sept 23, 2003

Services to block on your firewall
Sept 21, 2003 | VeeMost Technologies | Melvin Ejiogu

Here is a simple list of services you should consider banning at the start of your network security policy.

  1. Block "spoofed" packets: traffic arriving from outside your network whose source IP is one of your internal addresses, a private address (RFC 1918), or a loopback address (network 127). Also block source-routed packets.
  2. Block login services such as Telnet (23/tcp), SSH (22/tcp), FTP (21/tcp), NetBIOS (139/tcp), and rlogin (512/tcp through 514/tcp).
  3. Block RPC and NFS services, including Portmap/rpcbind (111/tcp and 111/udp), NFS (2049/tcp and 2049/udp), and lockd (4045/tcp and 4045/udp).
  4. Block NetBIOS in Windows NT (135-139 tcp and udp).
  5. Block X Windows (6000/tcp through 6255/tcp).
  6. Block naming services: DNS (53 tcp and udp) to all non-DNS servers; DNS zone transfers (53/tcp) except from external secondaries to your internal primary DNS servers; and LDAP (389/tcp and 389/udp) if it isn't used by your messaging clients.
  7. Block mail services: SMTP (25/tcp) to all machines except external mail relays, plus POP (109/tcp and 110/tcp) and IMAP (143/tcp). Inform your users that these are blocked for their benefit, because these protocols send passwords in the clear across an untrusted network.
  8. Block web services, HTTP (80/tcp) and SSL (443/tcp), except to known internal web servers.
  9. Block all "small services," that is, ports below 20 (tcp and udp), and time (37/tcp and 37/udp).
  10. Block miscellaneous port traffic such as TFTP (69/udp), finger (79/tcp), NNTP (119/tcp), NTP (123/tcp), LPD (515/tcp), syslog (514/udp), SNMP (161/tcp and 161/udp, 162/tcp and 162/udp), BGP (179/tcp), and SOCKS (1080/tcp).
  11. Block ICMP: block incoming echo requests (ping and traceroute), and block outgoing echo replies, time exceeded, and destination unreachable messages, except "packet too big" messages (type 3, code 4). At the very least, limit ICMP to the stations your network administrators will be using.
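The list above mixes blanket blocks with exceptions (DNS only to DNS servers, SMTP only to relays, zone transfers only from known secondaries, ICMP 3/4 always allowed), and those exceptions only work if the rules are ordered correctly, with anti-spoofing checks first. The following is an added example, not VeeMost's code or configuration: a small first-match packet-filter model in Python that encodes the list as ordered rules and evaluates constructed sample packets against it. The internal range, DNS server, external secondary, mail relay and web server addresses are placeholder assumptions; the port numbers come from the list. It is a model for checking policy logic, not a firewall ruleset: a real deployment also needs stateful handling of return traffic, and the model treats all 53/tcp from unknown hosts as a zone transfer, which is a simplification of the newsletter's rule.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed placeholder addresses (assumptions for this example, not from the newsletter).
INTERNAL = ip_network("192.0.2.0/24")                # assumed internal address range
DNS_SERVERS = {ip_address("192.0.2.53")}             # assumed internal primary DNS server
EXTERNAL_SECONDARIES = {ip_address("198.51.100.2")}  # assumed external secondary DNS
MAIL_RELAYS = {ip_address("192.0.2.25")}             # assumed external-facing mail relay
WEB_SERVERS = {ip_address("192.0.2.80")}             # assumed known internal web server
PRIVATE_AND_LOOPBACK = [ip_network(n) for n in
                        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Port sets taken from the newsletter's list.
LOGIN_TCP = {21, 22, 23, 139} | set(range(512, 515))
RPC_NFS = {111, 2049, 4045}                          # tcp and udp
NETBIOS = set(range(135, 140))                       # tcp and udp
X11_TCP = set(range(6000, 6256))
SMALL = set(range(0, 20)) | {37}                     # "small services" and time, tcp and udp
MISC_TCP = {79, 119, 123, 515, 161, 162, 179, 1080}
MISC_UDP = {69, 514, 161, 162}
CLEARTEXT_MAIL_TCP = {109, 110, 143}                 # POP and IMAP


@dataclass
class Packet:
    direction: str              # "in" = arriving from outside, "out" = leaving the network
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: int = 0              # destination port for tcp/udp
    icmp_type: int = -1
    icmp_code: int = -1
    source_routed: bool = False


def evaluate(p: Packet) -> tuple:
    """Return ("deny", reason) for the first matching rule, else ("allow", "default")."""
    src, dst = ip_address(p.src), ip_address(p.dst)
    tcp, udp, icmp = p.proto == "tcp", p.proto == "udp", p.proto == "icmp"
    inbound = p.direction == "in"
    # Ordered rules: anti-spoofing first, then service blocks with their exceptions folded in.
    rules = [
        ("source-routed packet", p.source_routed),
        ("spoofed internal source", inbound and src in INTERNAL),
        ("private or loopback source", inbound and any(src in n for n in PRIVATE_AND_LOOPBACK)),
        ("login service", inbound and tcp and p.dport in LOGIN_TCP),
        ("RPC/NFS", inbound and (tcp or udp) and p.dport in RPC_NFS),
        ("NetBIOS", inbound and (tcp or udp) and p.dport in NETBIOS),
        ("X Windows", inbound and tcp and p.dport in X11_TCP),
        ("DNS to non-DNS server", inbound and (tcp or udp) and p.dport == 53 and dst not in DNS_SERVERS),
        ("zone transfer from unknown host", inbound and tcp and p.dport == 53 and src not in EXTERNAL_SECONDARIES),
        ("LDAP", inbound and (tcp or udp) and p.dport == 389),
        ("SMTP to non-relay", inbound and tcp and p.dport == 25 and dst not in MAIL_RELAYS),
        ("cleartext POP/IMAP", inbound and tcp and p.dport in CLEARTEXT_MAIL_TCP),
        ("HTTP/SSL to non-web server", inbound and tcp and p.dport in {80, 443} and dst not in WEB_SERVERS),
        ("small service", inbound and (tcp or udp) and p.dport in SMALL),
        ("misc tcp service", inbound and tcp and p.dport in MISC_TCP),
        ("misc udp service", inbound and udp and p.dport in MISC_UDP),
        ("inbound echo request", inbound and icmp and p.icmp_type == 8),
        # Outgoing echo reply (0), destination unreachable (3) and time exceeded (11)
        # are blocked, except "packet too big" (type 3, code 4), which path MTU discovery needs.
        ("outbound ICMP", not inbound and icmp and p.icmp_type in {0, 3, 11}
                          and not (p.icmp_type == 3 and p.icmp_code == 4)),
    ]
    for reason, matched in rules:
        if matched:
            return "deny", reason
    return "allow", "default"


# Constructed sample traffic (description, packet) for a dry run of the policy.
SAMPLES = [
    ("outside host spoofing an internal source", Packet("in", "192.0.2.7", "192.0.2.80", "tcp", 80)),
    ("HTTPS to the known web server", Packet("in", "198.51.100.9", "192.0.2.80", "tcp", 443)),
    ("HTTP to a workstation", Packet("in", "198.51.100.9", "192.0.2.10", "tcp", 80)),
    ("UDP query to the DNS server", Packet("in", "198.51.100.9", "192.0.2.53", "udp", 53)),
    ("53/tcp from an unknown host", Packet("in", "198.51.100.9", "192.0.2.53", "tcp", 53)),
    ("53/tcp from the known secondary", Packet("in", "198.51.100.2", "192.0.2.53", "tcp", 53)),
    ("outgoing packet-too-big", Packet("out", "192.0.2.80", "198.51.100.9", "icmp", icmp_type=3, icmp_code=4)),
    ("outgoing time exceeded", Packet("out", "192.0.2.80", "198.51.100.9", "icmp", icmp_type=11)),
]

if __name__ == "__main__":
    for desc, pkt in SAMPLES:
        verdict, reason = evaluate(pkt)
        print(f"{verdict:5}  {desc:40}  ({reason})")
```

Running the script prints one verdict per sample packet. The useful thing to notice is that the exceptions are expressed as conditions inside the deny rules rather than as separate allow rules placed earlier, so adding a new web server or mail relay means adding an address to a set, not reordering the list.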
