Ask the Expert

Ports to close without affecting performance

What port range is good to close? What are all the ports I can shut without affecting the performance of my system?
Many thanks
Vulnerabilities differ with each environment. It really and truly depends on the kind of platform your systems are running on and on which services are required to run on that system. Sometimes some of the critical services run on these vulnerable ports, making them hard to shut down.

I would recommend using a good port-scanning tool like Nmap to really figure out what's open and accessible. It will list all the open ports on the system, and then you can decide which ones to close without affecting the services your system needs to provide. Here's the list of the most common ports that are probed and attacked:

  • Block "spoofed" addresses-- packets coming from outside your company sourced from internal addresses, private (RFC1918 and network 127) and IANA reserved addresses. Also block source routed packets.
  • telnet (23/tcp), SSH (22/tcp), FTP (21/tcp), NetBIOS (139/tcp), rlogin (512/tcp through 514/tcp)
  • RPC and NFS-- Portmap/rpcbind (111/tcp and 111/udp), NFS (2049/tcp and 2049/udp), lockd (4045/tcp and 4045/udp)
  • NetBIOS in Windows NT -- 135 (tcp and udp), 137 (udp), 138 (udp), 139 (tcp). Windows 2000 -- 445 (tcp and udp)
  • X Windows -- 6000/tcp through 6255/tcp
  • DNS (53/udp) to all machines which are not DNS servers, DNS zone transfers (53/tcp) except from external secondaries, LDAP (389/tcp and 389/udp)
  • SMTP (25/tcp) to all machines which are not external mail relays, POP (109/tcp and 110/tcp), IMAP (143/tcp)
  • HTTP (80/tcp) and SSL (443/tcp) except to external Web servers, may also want to block common high-order HTTP port choices (8000/tcp, 8080/tcp, 8888/tcp, etc.)
  • ports below 20/tcp and 20/udp, time (37/tcp and 37/udp)
  • TFTP (69/udp), finger (79/tcp), NNTP (119/tcp), NTP (123/tcp), LPD (515/tcp), syslog (514/udp), SNMP (161/tcp and 161/udp, 162/tcp and 162/udp), BGP (179/tcp), SOCKS (1080/tcp)

Keep in mind that the CVE (Common Vulnerabilities and Exposures) list gets updated whenever new vulnerabilities are reported. It's always better to keep yourself updated on it.
-Puneet
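
The audit step recommended above, as an added example that is not part of the original answer: it reads Nmap's grepable output (`nmap -oG -`) from a scan of your own host and separates open ports that appear on the list above from those that need a decision based on the host's role. The function names, the `LISTED` table (a subset of the list) and the sample scan output are constructed for illustration.

```python
import re

# Subset of the article's list: (first, last, protocols, label).
# Role-dependent entries (DNS, SMTP, HTTP/SSL) are left out: they need host context.
LISTED = [
    (1, 19, "tcp udp", "ports below 20"), (21, 21, "tcp", "FTP"),
    (22, 22, "tcp", "SSH"), (23, 23, "tcp", "telnet"),
    (37, 37, "tcp udp", "time"), (69, 69, "udp", "TFTP"),
    (79, 79, "tcp", "finger"), (111, 111, "tcp udp", "portmap/rpcbind"),
    (135, 135, "tcp udp", "NetBIOS (Windows NT)"), (137, 138, "udp", "NetBIOS (Windows NT)"),
    (139, 139, "tcp", "NetBIOS"), (161, 162, "tcp udp", "SNMP"),
    (445, 445, "tcp udp", "NetBIOS (Windows 2000)"), (512, 514, "tcp", "rlogin"),
    (514, 514, "udp", "syslog"), (515, 515, "tcp", "LPD"),
    (2049, 2049, "tcp udp", "NFS"), (4045, 4045, "tcp udp", "lockd"),
    (6000, 6255, "tcp", "X Windows"),
]
# One grepable port entry looks like: 22/open/tcp//ssh///
PORT_RE = re.compile(r"(\d+)/open/(tcp|udp)//([^/]*)/")

def open_ports(grepable):
    """Yield (host, port, proto, service) for every open port in `nmap -oG` output."""
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comment lines and "Status:" lines
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, proto, service in PORT_RE.findall(ports_field):
            yield host, int(port), proto, service

def triage(grepable):
    """Split open ports into those on the article's list and those that are not."""
    listed, other = [], []
    for host, port, proto, service in open_ports(grepable):
        label = next((name for lo, hi, protos, name in LISTED
                      if lo <= port <= hi and proto in protos.split()), None)
        (listed if label else other).append((host, port, proto, label or service))
    return listed, other

# Constructed sample of `nmap -oG -` output for a documentation address.
SAMPLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 23/closed/tcp//telnet///, "
    "111/open/tcp//rpcbind///, 443/open/tcp//https///, 6001/open/tcp//X11:1///\t"
    "Ignored State: filtered (995)\n"
)

if __name__ == "__main__":
    for group, rows in zip(("on the list", "decide by host role"), triage(SAMPLE)):
        print(group, rows)
```

Only ports Nmap reports as `open` are considered; `closed`, `filtered` and `open|filtered` entries are ignored.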

This was first published in August 2002
