[macb6497]

I wanted to create a quick topic to list ports you shouldn't forward or allow connections past the modem/remote connections.

Some ports I think you shouldn't allow to be accessed remotely in a production environment are 21 (ftp), 22 (ssh or sftp), 23 (telnet), 110 (pop), 995 (pops), 992 (telnets), 5000+ (remote admin, teamviewer, etc) and any other ports that allow administration, modification, or write-capable transfers.

Any other ports you all think, should be blocked for remote access?

Also, if you had a production server, what ports would you allow?

I would drop all and then explicitly list ports based on when the connection is new or established.

Thanks,

This post has been edited by macb6497: 21 August 2012 - 08:06 AM

[no2pencil]

You should add irc to that list, imo. I once had a client bring in a Linux rackmount server because their isp was complaining of traffic. I found an irc client running in /tmp/ (with a blank space named sub-dir) that was streaming tons of data over an irc server in France.

[modi123_1]

You are using a firewall, right?

[macb6497]

modi123_1, on 21 August 2012 - 12:47 PM, said:

You are using a firewall, right?

Yeah, this topic was created just for thoughts of what port shouldn't be open

[modi123_1]

Hmm.. I figure I would approach it as: firewall blocks all the ports, and I would whitelist what I need as I know about it.