-
Outgoing port blocking
Would it be advisable to block all ports that aren't used from passing through my firewall? I ask this because I think it might help to block some malicious programs from downloading more stuff. If this is an incorrect assumption, then please correct me.
-
Block all ports, in and out. Open only those needed. Remember that ports 80 and 8080 are used by malicious programs. Stateful packet inspection, IDS and antivirus are necessary to prevent outgoing packets.
As to incoming packets: a firewall, properly configured, will only accept packets (on a port) from an IP that IT (the firewall/computer) initiated.
-
Egress filtering can be a good thing. You'll need to assess your network and your own needs to find out what needs to be blocked and if it will cause any kind of problems.
-
Absolutely.... If you don't _need_ it, BLOCK IT, period.
My work network blocks all high ports and all unneeded low ports. There are a couple of exceptions due to bad planning on the part of others (a local library runs its SSL on port 9000 :rolleyes: ), and they are allowed, but only from those that need to use them; all other clients are blocked.
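A default-deny egress ruleset of the kind the two posts above describe (block everything in and out, open only what is needed, accept replies only for connections the firewall already tracks, and carve out the port-9000 exception only for the clients that need it), written as an added example rather than code from the original thread. It uses nftables on a Linux gateway; the interface name, the port allow-list and the addresses are placeholders (RFC 5737 documentation ranges), not real hosts.

```shell
#!/bin/sh
# Default-deny egress filter for a Linux gateway, written with nftables.
# Added example, not code from the original thread. Assumptions (placeholders):
# the LAN side of the gateway is eth1, the "library" host that runs SSL on
# port 9000 is 192.0.2.10, and only 198.51.100.0/24 is allowed to reach it.
# Set DRY_RUN=1 to print the nft commands instead of applying them (apply needs root).

LAN_IF="eth1"                      # assumption: inside interface of the gateway
ALLOWED_TCP="53 80 443"            # assumption: the TCP services the LAN really needs
ALLOWED_UDP="53 123"               # assumption: DNS and NTP over UDP
LIBRARY_HOST="192.0.2.10"          # assumption: host serving SSL on port 9000
LIBRARY_CLIENTS="198.51.100.0/24"  # assumption: the only clients that need it

# Execute a command, or just print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

egress_rules() {
    run nft add table inet egress
    # Forward chain with a DROP policy: anything not accepted below never leaves the LAN.
    run nft add chain inet egress forward '{ type filter hook forward priority 0; policy drop; }'
    # Stateful part: packets of connections already tracked pass; packets that fit no connection are dropped.
    run nft add rule inet egress forward ct state established,related accept
    run nft add rule inet egress forward ct state invalid drop
    # Allow-list of new outbound connections from the LAN.
    for p in $ALLOWED_TCP; do
        run nft add rule inet egress forward iifname "$LAN_IF" tcp dport "$p" ct state new accept
    done
    for p in $ALLOWED_UDP; do
        run nft add rule inet egress forward iifname "$LAN_IF" udp dport "$p" accept
    done
    # Scoped exception: the odd port is opened only to one destination and only for the clients that need it.
    run nft add rule inet egress forward iifname "$LAN_IF" ip saddr "$LIBRARY_CLIENTS" ip daddr "$LIBRARY_HOST" tcp dport 9000 ct state new accept
    # Log a sample of what the policy drops, so a forgotten service shows up while tuning.
    run nft add rule inet egress forward limit rate 5/minute log prefix '"egress-drop: "'
}

# Lists the distinct destination ports the ruleset accepts, for review without root.
allowed_ports() {
    DRY_RUN=1 egress_rules | grep -o 'dport [0-9]*' | sort -u
}

case "${1:-}" in
    apply) egress_rules ;;
    show)  DRY_RUN=1 egress_rules ;;
esac
```

`sh egress.sh show` prints the rules, `sudo sh egress.sh apply` installs them. What this does not do is worth noting: anything that speaks HTTP or HTTPS still gets out through ports 80 and 443, which is the point made later in the thread about malware using ports that are open anyway; a proxy is where that traffic gets inspected, and the log rule is there so you notice what the policy is dropping rather than guessing.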
-
One thing to remember is:
Trojans, for example, like Back Orifice.... Not sure if those are used much now, but you can tell them to use any port you want, so your best bet is, besides taking Juridian's advice, to re-analyze what you need. If you aren't running any servers at all, you really don't have much of a need for ports being open; however, antivirus software needs ports to do updates.
And if you think that's stupid, THEY ALLLLLL USE VARYING PORTS....
Heh, anyway, take that into consideration, and think over a strategy that works for you.
Personally, I use DMZ for whatever I need on the Internet. Everything else is behind two routers and a switch and each machine is software firewalled.
-
Don't get fooled into blocking all the ports that trojans/worms etc. use, though; a lot of the more harmful/sophisticated ones use ports that would be open on a network/host anyway: 25, 110, 21, 69, etc.
Programs like netcat can hijack any port they want (or are told to!) and take over a connection, if you can get them running on a target.
Just beware that blocking ports, whilst a good security practice, is not the only thing to do; you still need to run all the other stuff in conjunction with it. Firewall, AV, SW scanner, AW scanner, etc.
-
You should also look into using a proxy such as Squid.