Q

Ports to close without affecting performance

What port range is good to close? What are all the ports I can shut without affecting the performance of my system?
Many thanks

Vulnerabilities differ with each environment. It really and truly depends on the kind of platform your systems are running on and on which services are required to run on that system. Sometimes some of the critical services are running on these vulnerable ports, making it hard to shut them down.

I would recommend using a good port-scanning tool like Nmap to really figure out what's open and accessible. It would list all the open ports on the system, and then you can decide which ones to close without affecting the services your system needs to provide. Here's the list of the most common ports that are probed and attacked:

  • Block "spoofed" addresses-- packets coming from outside your company sourced from internal addresses, private (RFC1918 and network 127) and IANA reserved addresses. Also block source routed packets.
  • telnet (23/tcp), SSH (22/tcp), FTP (21/tcp), NetBIOS (139/tcp), rlogin (512/tcp through 514/tcp)
  • RPC and NFS-- Portmap/rpcbind (111/tcp and 111/udp), NFS (2049/tcp and 2049/udp), lockd (4045/tcp and 4045/udp)
  • NetBIOS in Windows NT -- 135 (tcp and udp), 137 (udp), 138 (udp), 139 (tcp). Windows 2000 -- 445 (tcp and udp)
  • X Windows -- 6000/tcp through 6255/tcp
  • DNS (53/udp) to all machines which are not DNS servers, DNS zone transfers (53/tcp) except from external secondaries, LDAP (389/tcp and 389/udp)
  • SMTP (25/tcp) to all machines, which are not external mail relays, POP (109/tcp and 110/tcp), IMAP (143/tcp)
  • HTTP (80/tcp) and SSL (443/tcp) except to external Web servers, may also want to block common high-order HTTP port choices (8000/tcp, 8080/tcp, 8888/tcp, etc.)
  • ports below 20/tcp and 20/udp, time (37/tcp and 37/udp)
  • TFTP (69/udp), finger (79/tcp), NNTP (119/tcp), NTP (123/tcp), LPD (515/tcp), syslog (514/udp), SNMP (161/tcp and 161/udp, 162/tcp and 162/udp), BGP (179/tcp), SOCKS (1080/tcp)

Keep in mind that the CVE (Common Vulnerabilities and Exposures) list gets updated whenever new vulnerabilities are reported. It's always better to keep yourself updated on the same.
-Puneet
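
The scan-then-decide workflow from the answer above, as an added example that is not part of the original answer: it reads Nmap grepable output (`-oG`) for your own hosts and reports open ports that fall on a subset of the answer's list, honouring the exceptions it gives for DNS, mail and web servers. The role names, the `review` and `open_ports` helpers, and the sample scan are assumptions constructed for illustration.

```python
import re

# Subset of the answer's list: (first, last, protocols, label, exempt_role).
# exempt_role marks the exception the answer gives; role names are assumptions.
WATCHLIST = [
    (1, 19, ("tcp", "udp"), "ports below 20", None),
    (21, 23, ("tcp",), "FTP/SSH/telnet", None),
    (25, 25, ("tcp",), "SMTP", "mail-relay"),
    (53, 53, ("tcp", "udp"), "DNS", "dns-server"),
    (80, 80, ("tcp",), "HTTP", "web-server"),
    (111, 111, ("tcp", "udp"), "portmap/rpcbind", None),
    (137, 138, ("udp",), "NetBIOS", None),
    (139, 139, ("tcp",), "NetBIOS", None),
    (443, 443, ("tcp",), "SSL", "web-server"),
    (512, 514, ("tcp",), "rlogin", None),
    (514, 514, ("udp",), "syslog", None),
    (2049, 2049, ("tcp", "udp"), "NFS", None),
    (6000, 6255, ("tcp",), "X Windows", None),
]

# Constructed sample of `nmap -oG -` output (documentation addresses only).
SAMPLE_SCAN = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 53/open/udp//domain///, "
    "111/open/tcp//rpcbind///, 6001/open/tcp//X11:1///, 8443/open/tcp//https-alt///\n"
    "Host: 192.0.2.20 ()\tPorts: 80/open/tcp//http///, 23/closed/tcp//telnet///, "
    "514/open/udp//syslog///\n"
)

def open_ports(grepable):
    """Return {host: [(port, proto), ...]} for ports Nmap reports as open."""
    hosts = {}
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: (.*)", line)
        if m:
            found = re.findall(r"(\d+)/open/(tcp|udp)/", m.group(2))
            hosts[m.group(1)] = [(int(port), proto) for port, proto in found]
    return hosts

def review(grepable, roles=None):
    """List (host, port, proto, label) for open ports on the watchlist,
    skipping ports that the host's declared role is expected to serve."""
    roles = roles or {}
    findings = []
    for host, ports in open_ports(grepable).items():
        for port, proto in ports:
            for lo, hi, protos, label, exempt in WATCHLIST:
                if lo <= port <= hi and proto in protos and exempt not in roles.get(host, ()):
                    findings.append((host, port, proto, label))
    return findings
```

Calling `review(SAMPLE_SCAN, roles={"192.0.2.20": {"web-server"}})` leaves port 80 on the declared web server out of the report, while the closed telnet port is never listed because only ports in the `open` state are parsed.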

This was first published in August 2002
