Outgoing port blocking

  1. #1
    Member Gir
    Join Date
    Sep 2002
    Posts
    39

    Outgoing port blocking

    Would it be advisable to block all ports that aren't used from passing through my firewall? I ask this because I think it might help to block some malicious programs from downloading more stuff. If this is an incorrect assumption then please correct me.
    The answer to all how to questions: Very carefully with a large stick.

    "Dogs f***ed the Pope. No fault of mine." - Hunter S. Thompson

  2. #2
    THE Bastard Sys***** dinowuff
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,247
    Block all ports in and out. Open only those needed. Remember that ports 80 and 8080 are used by malicious programs. Stateful packet inspection, IDS and antivirus are necessary to prevent outgoing packets.

    As to incoming packets: a firewall, properly configured, will only accept packets on a port from an IP that IT (the firewall / computer) initiated.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  3. #3
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    Egress filtering can be a good thing. You'll need to assess your network and your own needs to find out what needs to be blocked and if it will cause any kinds of problems.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Absolutely.... If you don't _need_ it, BLOCK IT, period.

    My work network blocks all high ports and all unneeded low ports. There are a couple of exceptions due to bad planning on the part of others (a local library runs its SSL on a 9000 port), and they are allowed, but only from those that need to use them; all other clients are blocked.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  5. #5
    AO BOFH: Luser Abuser BModeratorFH gore
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    One thing to remember is:

    Trojans, for example, like Back Orifice.... Not sure if those are used much now, but you can tell them to use any port you want, so your best bet is, besides taking Juridian's advice, to re-analyze what you need. If you aren't running any servers at all, you really don't have much of a need for ports being open; however, anti-virus software needs ports to do updates.

    And if you think that's stupid, THEY ALLLLLL USE VARYING PORTS....

    Heh, anyway, take that into consideration, and think over a strategy that works for you.

    Personally, I use DMZ for whatever I need on the Internet. Everything else is behind two routers and a switch and each machine is software firewalled.
    Kill the lights, let the candles burn behind the pumpkins' mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again every day is Halloween. - The Misfits

  6. #6
    Right turn Clyde Nokia
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Don't get fooled into blocking all the ports that trojans/worms etc. use, though; a lot of the more harmful/sophisticated ones use ports that would be open on a network/host anyway: 25, 110, 21, 69, etc.

    Programs like netcat can hijack any port they want (or are told to!) and take over a connection, if you can get them running on a target.

    Just beware that blocking ports, whilst a good security practice, is not the only thing to do; you still need to run all the other stuff in conjunction with it: firewall, AV, SW scanner, AW scanner, etc.
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/
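To make the advice in posts #2, #4 and #6 concrete, here is an added example (my own code, not from any poster) that models a stateful egress policy: default-deny, an allow-list of needed outbound ports, an odd port (the library's SSL on 9000) opened only for the named clients, and inbound traffic accepted only as replies to flows an inside host opened. All addresses are constructed documentation-range values and the flow key ignores ephemeral source ports for brevity.

```python
# Added example (not from the thread): stateful egress-policy model.
# Hosts and ports below are constructed; the conntrack key is simplified.
from dataclasses import dataclass, field


@dataclass
class EgressPolicy:
    allowed_out: set                 # dst ports any inside host may reach
    exceptions: dict                 # dst port -> set of inside hosts allowed
    conntrack: set = field(default_factory=set)  # (inside, outside, dport)

    def outbound(self, inside, outside, dport):
        """Decide an inside->outside packet and record allowed flows."""
        allowed = (dport in self.allowed_out
                   or inside in self.exceptions.get(dport, set()))
        if allowed:
            self.conntrack.add((inside, outside, dport))
        return allowed

    def inbound(self, outside, inside, sport):
        """Accept only replies to a flow the inside host initiated."""
        return (inside, outside, sport) in self.conntrack


def run_scenarios():
    """Return {scenario: verdict} so the outcomes can be checked."""
    policy = EgressPolicy(allowed_out={53, 80, 443, 25},
                          exceptions={9000: {"10.0.0.5"}})
    verdicts = {
        "browser to https": policy.outbound("10.0.0.7", "203.0.113.10", 443),
        "library ssl, allowed client": policy.outbound("10.0.0.5", "198.51.100.9", 9000),
        "library ssl, other client": policy.outbound("10.0.0.7", "198.51.100.9", 9000),
        "trojan on a high port": policy.outbound("10.0.0.7", "192.0.2.66", 31337),
        # Nokia's caveat: a trojan speaking on an allowed port is not stopped
        # by port blocking alone; that is where IDS, AV and a proxy come in.
        "trojan calling home on 80": policy.outbound("10.0.0.7", "192.0.2.66", 80),
        "reply to the https flow": policy.inbound("203.0.113.10", "10.0.0.7", 443),
        "unsolicited inbound": policy.inbound("192.0.2.99", "10.0.0.7", 4444),
    }
    return verdicts


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{'ALLOW' if ok else 'DROP ':5} {name}")
```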

  7. #7
    Junior Member
    Join Date
    Aug 2004
    Posts
    16
    You should also look into using a proxy such as Squid.
    "Poor planning on your part does not necessitate an emergency on my part." - Unknown
