Which ports should I block

Posted on 2004-11-12
Last Modified: 2010-04-11
I just blocked port 445 and 137 to help resolve a router flood issue. Are there any other ports I should disable just as a good security practice?
Question by:Brendle
    LVL 10

    Expert Comment

    there is not a single answer to this in terms of numbers.
    a person who has a web server may tell u to disable the ftp port and vice-versa.

    hence you should open only ports which u know u need.
    LVL 8

    Expert Comment

    I would answer this by saying block everything and only open ports that you need
    LVL 65

    Accepted Solution

    Brendle, A good discussion on this topic here, can interest you :)

    What ports should I open from LAN to WAN on my firewall
    LVL 7

    Expert Comment

    Exactly, only open the ports you needs. i'e 80, 53, 25, 110

    LVL 87

    Expert Comment

    Go with kianqhaq, Block every port, then if something essential doesn't work, check which port would be needed for that to work. Then get together with the decision makers and decide if you want to open it. If you want, you could also map the port to a different port, to make it more difficult for others to find out what is behind that port.
    LVL 2

    Expert Comment

    Go with what was said above, plus check out this link.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now