On Thu, 15 Sep 2005 10:29:27 +0300
Kim Onnel <[EMAIL PROTECTED]> wrote:
> 80 deny udp any any eq 1026 (3481591 matches)
If you don't already know, it might be worth looking at a detailed
breakdown of the source ports hitting that rule. It may be blocking
a good amount of DNS and NTP traffic for
Michael Tokarev wrote:
> www.dshield.org, www.mynetwatchman.org ?
That should be: www.mynetwatchman.COM ;-)
Both are excellent resources.
-Jim P.
Luke Parrish wrote:
>
> Not quite looking for tips to manage my network and ACL's or if should
> or should not be blocking, more looking for actual ports that other
> ISP's are blocking and why.
>
> For example:
>
> port 5 worm 2.5
> port 67 virus 8.2
www.dshield.org, www.mynetwatchman.org ?
Kim Onnel wrote:
> 80 deny udp any any eq 1026 (3481591 matches)
This will make one out of 4000 of your UDP "sessions" fail with older
stacks which have high ports from 1024 to ~5000.
Pete
Depends where you will put your ACL too,
we have this on our Ingress from the internet
10 deny ip 127.0.0.0 0.255.255.255 any (118 matches)
20 deny ip 10.0.0.0 0.255.255.255 any (23297 matches)
30 deny ip 172.16.0.0 0.15.255.255 any (8 matches)
40 deny ip 192.168.0.0 0.0.255.255 a
There is only one port worth blocking:
Block port 80 (http)
All other ports might be in use for redirected ssh, telnet, ftp, ...
Blocking port 80 will keep Windows people from accidentally clicking nonsense.
:)
Kind regards,
Peter and Karin Dambier
Luke Parrish wrote:
Everyone,
Does anyon
A couple of decent barometers:
http://www.dshield.org/topports.php
and:
http://www.mynetwatchman.com/default.asp
- ferg
-- Luke Parrish <[EMAIL PROTECTED]> wrote:
> Not quite looking for tips to manage my network and ACL's or if should or
> should not be blocking, more looking for actual po
On Wednesday 14 September 2005 15:41, Luke Parrish wrote:
> Not quite looking for tips to manage my network and ACL's or if should or
> should not be blocking, more looking for actual ports that other ISP's are
> blocking and why.
seems to me this is the wrong question... a default securit
On Wednesday 14 September 2005 15:41, Luke Parrish wrote:
> Not quite looking for tips to manage my network and ACL's or if should or
> should not be blocking, more looking for actual ports that other ISP's are
> blocking and why.
>
> For example:
>
> port 5 worm 2.5
> port 67 virus 8.2
>
Probabl
Not quite looking for tips to manage my network and ACL's or if should or
should not be blocking, more looking for actual ports that other ISP's are
blocking and why.
For example:
port 5 worm 2.5
port 67 virus 8.2
At 03:12 PM 9/14/2005, [EMAIL PROTECTED] wrote:
On Wed, 14 Sep 2005 14:42:
- Original Message Follows -
From: Luke Parrish <[EMAIL PROTECTED]>
To: nanog@merit.edu
Subject: commonly blocked ISP ports
Date: Wed, 14 Sep 2005 14:42:56 -0500
> Everyone,
>
> Does anyone have a reference point for commonly blocked
> ports?
>
> We have a list
On Wed, 14 Sep 2005 14:42:56 CDT, Luke Parrish said:
> We have a list, some reactive and some proactive, however we need to remove
> ports that are no longer a threat and add new ones as they are published.
All ports that are open are threats, at least potentially. What you *should*
be doing is:
Everyone,
Does anyone have a reference point for commonly blocked ports?
We have a list, some reactive and some proactive, however we need to remove
ports that are no longer a threat and add new ones as they are published.
Thanks
luke