localgareth
What ports should I open from LAN to WAN on my firewall
What ports should I open from LAN to WAN on my firewall... everything is open by default, but I would prefer to close everything then open the needed stuff manually.
Can anyone offer any useful suggestions?
ASKER
No! I want to know what outgoing ports to open, from my LAN to WAN.
Gareth
ASKER
Obviously, I'll need 110, 25, 80... blah...
I just don't want to open everything; this will stop trojans that I don't know about connecting to the Internet on non-standard ports.
WAN for Internet I suppose...
While incoming WAN to LAN traffic is usually directed to specific ports (like web, smtp, ... ntp and dns udp or tcp, ...) which is specifically configured on the firewall (and the rest is dropped),
the LAN to WAN traffic is more versatile since "clients" connect from any port (usually >= 1024) to any port...
So it is difficult to stop In to Out traffic.
However a number of reserved ports, NetBIOS, are known to disclose information about your Windows equipment.
While it's on the LAN, it's ok ... but when it goes outside (even if it will not go very far... but at least at your ISP) it's not anymore!
So you may want to stop this traffic: NetBIOS ports 137, 138 and 139
Regards
I'd suggest logging the communication first. Some protocols don't use specific ports per se, but a range of ports for external (and often necessary) communication...
To supplement chicagoan's list, some add DHCP ports for ISP access. I still think most dump NNTP and Telnet. And as said in that comment, you should isolate SMTP from users; they do not need it, and its main current usage is for malware to attempt to call home.
Obviously we're talking about outbound traffic here, any connection not initiated from inside should be rejected
http://security.symantec.com/sscv6/sc_scan.asp?langid=ie&venid=sym&plfid=23&pkj=AKCIJABOKQYWTFVRHRM&scanstate=2
Or port probe from dslreports... http://www.dslreports.com/scan
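Following the thread's advice to log outbound traffic first and then build the allowlist, here is an added example (not posted by anyone in this thread) that tallies constructed iptables LOG lines against an outbound allowlist, flags NetBIOS 137-139 leaving the LAN, and flags SMTP from hosts that are not the mail relay. The log format, host addresses, allowed-port set and relay address are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of iptables LOG-target lines for outbound (LAN->WAN) connection
# attempts, as collected with a "log everything outbound" rule before tightening
# the policy. Documentation address ranges, not real hosts.
SAMPLE_LOG = """\
kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=49152 DPT=80 SYN
kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=49153 DPT=443 SYN
kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=203.0.113.20 PROTO=TCP SPT=49200 DPT=110 SYN
kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=203.0.113.9 PROTO=UDP SPT=137 DPT=137
kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=203.0.113.9 PROTO=UDP SPT=138 DPT=138
kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=51000 DPT=25 SYN
kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.12 DST=198.51.100.7 PROTO=UDP SPT=40000 DPT=53
kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.12 DST=198.51.100.88 PROTO=TCP SPT=51001 DPT=6667 SYN
"""

LOG_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\w+) SPT=\d+ DPT=(?P<dport>\d+)")

# Assumed client allowlist: mail/web/DNS/NTP, i.e. the 110/25/80 from the question
# plus what the logs of a typical LAN usually show. Trim it to what YOUR log shows.
ALLOWED = {("TCP", 25), ("TCP", 80), ("TCP", 110), ("TCP", 443), ("UDP", 53), ("TCP", 53), ("UDP", 123)}
NETBIOS = {137, 138, 139}          # must never leave the LAN (thread advice)
MAIL_RELAYS = {"192.168.1.12"}     # assumed: only this host may speak SMTP outbound

def parse(log_text):
    """Yield (src, dst, proto, dport) from iptables LOG lines; skip lines that don't match."""
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m["src"], m["dst"], m["proto"].upper(), int(m["dport"])

def classify(src, proto, dport):
    """Policy verdict for one outbound flow, checked most-specific rule first."""
    if dport in NETBIOS:
        return "netbios-leak"
    if (proto, dport) == ("TCP", 25) and src not in MAIL_RELAYS:
        return "smtp-from-user-host"
    if (proto, dport) in ALLOWED:
        return "allowed"
    return "review"                # candidate for the explicit allow list, or a trojan

def summarize(log_text):
    """Return {verdict: Counter of (src, proto, dport)} over the logged outbound traffic."""
    report = defaultdict(Counter)
    for src, dst, proto, dport in parse(log_text):
        report[classify(src, proto, dport)][(src, proto, dport)] += 1
    return report
```

Anything in the "review" bucket is what you look at before deciding whether it becomes a rule or a cleanup job; the "netbios-leak" and "smtp-from-user-host" buckets are the flows the thread says to drop outright.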