
Ports to close without affecting performance

What port range is good to close? What are all the ports I can shut without affecting the performance of my system?
Many thanks.
Vulnerabilities differ with each environment. It really and truly depends on the kind of platform your systems are running on and on which services are required to run on that system. Sometimes some of the critical services are running on these vulnerable ports, making them hard to shut down.

I would recommend using a good port-scanning tool like Nmap to really figure out what's open and accessible. It would list all the open ports on the system, and then you can decide which ones to close without affecting the services your system needs to provide. Here's the list of the most common ports that are probed and attacked:

  • Block "spoofed" addresses-- packets coming from outside your company sourced from internal addresses, private (RFC1918 and network 127) and IANA reserved addresses. Also block source routed packets.
  • telnet (23/tcp), SSH (22/tcp), FTP (21/tcp), NetBIOS (139/tcp), rlogin (512/tcp through 514/tcp)
  • RPC and NFS-- Portmap/rpcbind (111/tcp and 111/udp), NFS (2049/tcp and 2049/udp), lockd (4045/tcp and 4045/udp)
  • NetBIOS in Windows NT -- 135 (tcp and udp), 137 (udp), 138 (udp), 139 (tcp). Windows 2000 -- 445 (tcp and udp)
  • X Windows -- 6000/tcp through 6255/tcp
  • DNS (53/udp) to all machines which are not DNS servers, DNS zone transfers (53/tcp) except from external secondaries, LDAP (389/tcp and 389/udp)
  • SMTP (25/tcp) to all machines which are not external mail relays, POP (109/tcp and 110/tcp), IMAP (143/tcp)
  • HTTP (80/tcp) and SSL (443/tcp) except to external Web servers, may also want to block common high-order HTTP port choices (8000/tcp, 8080/tcp, 8888/tcp, etc.)
  • ports below 20/tcp and 20/udp, time (37/tcp and 37/udp)
  • TFTP (69/udp), finger (79/tcp), NNTP (119/tcp), NTP (123/tcp), LPD (515/tcp), syslog (514/udp), SNMP (161/tcp and 161/udp, 162/tcp and 162/udp), BGP (179/tcp), SOCKS (1080/tcp)

Keep in mind that the CVE (Common Vulnerabilities and Exposures) list gets updated whenever new vulnerabilities are reported. It's always better to keep yourself updated on it.

This was last published in August 2002
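One way to do the triage the answer recommends, as an added example that is not part of the original page or the answer: parse the grepable output of an `nmap -oG` scan, flag every open port that appears on the answer's commonly-probed list and is not in an allowlist of services the host must keep providing, and print iptables DROP rules for what is left. The scan text, host addresses and allowlists are constructed for the example; nothing here comes from a real scan.

```python
"""Added example (not from the original answer): compare open ports from an
`nmap -oG` scan against the commonly-probed list in the answer, subtract the
services each host must keep, and emit iptables DROP rules for the rest.
The scan text below is constructed, not a real scan."""
from collections import defaultdict

# The answer's port list, as (low, high, label) per protocol.
# 123/udp is added because NTP is a UDP service; the answer writes 123/tcp.
COMMONLY_PROBED = {
    "tcp": [(1, 19, "ports below 20"), (21, 21, "FTP"), (22, 22, "SSH"),
            (23, 23, "telnet"), (25, 25, "SMTP"), (37, 37, "time"),
            (53, 53, "DNS zone transfer"), (79, 79, "finger"), (80, 80, "HTTP"),
            (109, 110, "POP"), (111, 111, "portmap/rpcbind"), (119, 119, "NNTP"),
            (123, 123, "NTP"), (135, 135, "MS RPC"), (139, 139, "NetBIOS"),
            (143, 143, "IMAP"), (161, 162, "SNMP"), (179, 179, "BGP"),
            (389, 389, "LDAP"), (443, 443, "SSL"), (445, 445, "SMB"),
            (512, 514, "rlogin/rsh"), (515, 515, "LPD"), (1080, 1080, "SOCKS"),
            (2049, 2049, "NFS"), (4045, 4045, "lockd"), (6000, 6255, "X Windows"),
            (8000, 8000, "HTTP alt"), (8080, 8080, "HTTP alt"), (8888, 8888, "HTTP alt")],
    "udp": [(1, 19, "ports below 20"), (37, 37, "time"), (53, 53, "DNS"),
            (69, 69, "TFTP"), (111, 111, "portmap/rpcbind"), (123, 123, "NTP"),
            (135, 135, "MS RPC"), (137, 138, "NetBIOS"), (161, 162, "SNMP"),
            (389, 389, "LDAP"), (445, 445, "SMB"), (514, 514, "syslog"),
            (2049, 2049, "NFS"), (4045, 4045, "lockd")],
}

# Constructed `nmap -oG -` output; fields are tab-separated, port entries are
# port/state/proto/owner/service/rpcinfo/version/.
SAMPLE_SCAN = """# Nmap scan (constructed sample, not a real scan)
Host: 192.168.1.10 (fileserver)\tStatus: Up
Host: 192.168.1.10 (fileserver)\tPorts: 22/open/tcp//ssh///, 111/open/tcp//rpcbind///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 2049/open/tcp//nfs///, 6000/open/tcp//X11///, 8080/closed/tcp//http-proxy///\tIgnored State: closed (993)
Host: 192.168.1.20 (www)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: filtered (997)
"""


def parse_grepable(text):
    """Return {host: {(proto, port): service}} for the open ports in nmap -oG output."""
    hosts = defaultdict(dict)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]          # drop the "(name)" part
        for entry in fields.get("Ports", "").split(", "):
            parts = entry.split("/")
            if len(parts) < 5:
                continue
            port, state, proto, _owner, service = parts[:5]
            if state == "open":
                hosts[host][(proto, int(port))] = service
    return dict(hosts)


def probed_label(proto, port):
    """Label from the answer's list if (proto, port) is on it, else None."""
    for low, high, label in COMMONLY_PROBED.get(proto, ()):
        if low <= port <= high:
            return label
    return None


def classify(open_ports, required=frozenset()):
    """Split a host's open ports into candidates to close (on the probed list
    and not required) and ports to keep (required, or not on the list)."""
    candidates, keep = {}, {}
    for (proto, port), service in sorted(open_ports.items()):
        label = probed_label(proto, port)
        if label and (proto, port) not in required:
            candidates[(proto, port)] = f"{service} ({label})"
        else:
            keep[(proto, port)] = service
    return candidates, keep


def drop_rules(candidates):
    """iptables INPUT-chain rules that block the candidate ports."""
    return [f"iptables -A INPUT -p {proto} --dport {port} -j DROP"
            for proto, port in sorted(candidates)]


if __name__ == "__main__":
    # Services each host must keep serving (assumed for the example).
    REQUIRED = {
        "192.168.1.10": {("tcp", 22), ("tcp", 111), ("tcp", 2049)},  # NFS server
        "192.168.1.20": {("tcp", 80), ("tcp", 443)},                 # web server
    }
    for host, open_ports in parse_grepable(SAMPLE_SCAN).items():
        candidates, keep = classify(open_ports, REQUIRED.get(host, set()))
        print(f"{host}: keep {sorted(keep)}")
        for (proto, port), desc in candidates.items():
            print(f"  close {port}/{proto}: {desc}")
        for rule in drop_rules(candidates):
            print("  " + rule)
```

On real data, run something like `nmap -sS -sU -oG scan.txt <hosts>` and pass the file contents to `parse_grepable`. The allowlist is the part that needs judgment: a port on the list is only a candidate until you have confirmed that nothing depends on it, and a port that is not on the list (3306/tcp above) still deserves a look.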
