1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ports

Discussion in 'Networks' started by greenbrucelee, Feb 20, 2009.

  1. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    Just reading up on ports and a question popped into my head.

    What would happen if all ports were blocked apart from the usual ones for HTTP and FTP like 20,21 and 80 with all other blocked?
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  2. mattstevenson

    mattstevenson Byte Poster

    214
    6
    44
    Then you'd be able to view some webpages (Not necessarily in full), and make FTP transfers. Nothing else.
    Mind you, without 53 open, you probably wouldn't be able to resolve the URLs against their respective IPs, so web browsing might be out of the question. Anyone want to answer that one for me please? :) Ha.
     
    Certifications: Triple A+. Network+, CCENT
    WIP: MCP, ICND2, Sec+
  3. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    I did forget 53. So would having the rest blocked cause any problems with say automatic application updates etc? such as windows.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  4. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Blocked outbound or inbound? Technically most firewalls now don't overtly 'block' access to specific ports - they filter it. If you 'block' a port it indicates that there may be something sat there that could be worth attacking. A 'proper' firewall solution should also block outbound ports to prevent already compromised hosts from communicating with the outside world (think bots trying to communicate via IRC or SMTP) - so that you only allow your hosts to connect out to the Internet via a defined proxy (you can also implement proper filtering policies at this chokepoint so that, for example, your acceptable use policy can be enforced via web-filtering software).

    In short, if you portscan your external IP from another external IP you shouldn't see 'any' ports on that IP address except any you have specifically opened up - e.g. port 80/443 for a webserver, 25 for SMTP etc.
     
    Certifications: A few
    WIP: None - f*** 'em
  5. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    I am going to do a port scan when I get home tonight. With my firewall everything is blocked unless I have a policy set up for it (this goes for inbound and outbound). I have never had an alert yet but have had attempts recorded when looking at the firewall logs.

    Is there anyway I could make it more secure or am I being a bit paranoid?
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  6. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    GBL - Why don't you PM me your external IP and I'll run a qucik nmap scan against it? That will pick up anything obvious - provided a port-scan doesn't throw up anything untoward you should be OK - there are other methods of 'finding' you, but tbh unless you're a legitimate bona fide target, there's waaaaay too much low-hanging fruit out there for anyone to bother trying to rinse you!
     
    Certifications: A few
    WIP: None - f*** 'em
  7. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    Ok I'll send you it, I wont be home until 6.45ish so I will do it then if that's ok. (I couldn't tell you it of the top of my head).
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  8. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    is it not 192.168.1.2? thats what mine is
     
  9. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    nah .1 at the end but its the WAN one 66. somethong or other :oops:
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  10. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    That's your internal (private) address. The WAN address is what I need - that's what your 'external' IP address is and that's how you can communicate with the outside world.
     
    Certifications: A few
    WIP: None - f*** 'em
  11. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    NP - make sure its a PM though, for obvious reasons :)
     
    Certifications: A few
    WIP: None - f*** 'em
  12. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    LOL!
    i knew that already - was just messing about! :twisted:
     
  13. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    LAWL - you obviously need to be a bit blunter in your sarcasm - that was far too subtle for a thick-headed tool like me :)
     
    Certifications: A few
    WIP: None - f*** 'em

Share This Page

Loading...