Solved

Re Open Ports UDP and TCP

Posted on 2004-11-16
11
Medium Priority
351 Views
Last Modified: 2010-04-11
I have a DLink Dfl600 and I have to tighten up our network without going over the top.

We use Internet Access, Email, HTTPS sites x 2, Skype, Remote Administrator.

What TCP Port numbers and especially UDP Port numbers should I allow in and out of these firewall boxes. We also use TMIS firewall software as well on all 14 pcs.

I need a fairly specific answer as I will be doing 4 of these in different problem area networks all with 2000 or 2003 Server.
0
Comment
Question by:stevegw62
11 Comments
 
LVL 3

Expert Comment

by:cnewgaard
ID: 12599919
Web/HTTP = port 80
Email (SMTP = 25 and POP3 = 110)
HTTPS = 443
Remote administration (I'm assuming MS RDP) = 3389
 
This is what I found on Skype; it looks like it only cares about outgoing ports.

http://web.skype.com/help_firewalls.html

Hope this helps
0
 
LVL 7

Expert Comment

by:shahrial
ID: 12601802
What cnewgaard mentioned are the ports that are required to be opened.
As for Skype VoIP, it is not required to open additional ports as it can tunnel using existing opened ports.
0
 
LVL 1

Author Comment

by:stevegw62
ID: 12601920
This is a list of the ports I have opened or that were already opened. My main concern was the UDP ports; as you will see below, all of them are open for outbound traffic.
Should it be that way? (I am a little concerned.)

PS Skype can be configured to whatever I want; I chose 60815, and all seems OK. However, Remote Administrator apparently doesn't work on 9999, which the software is configured to and has worked on prior to the firewall box being installed this morning (I haven't tried myself yet), unless someone can see below why this might be happening.
 
TCP SMTP(25) Inbound
IGMP - Outbound
ICMP - Outbound
TCP 1 - 65535 Outbound
TCP HTTP(80) Inbound
UDP 1 - 65535 Outbound
TCP 60815 - 60815 Inbound
TCP 9999 - 9999 Inbound
TCP 2003 - 2003 Inbound
TCP 2002 - 2002 Inbound
TCP 2001 - 2001 Inbound
TCP 2000 - 2000 Inbound
TCP 1 - 1 Inbound
ICMP - Inbound
TCP POP3(110) Inbound
0
 
LVL 1

Author Comment

by:stevegw62
ID: 12602169
PS Don't worry about 2000, 2001, 2002 and 2003; they are their cameras.
0
 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12604038
cnewgaard just explained it;

You need to allow 2000/2003 traffic as well?

Cyber
0
 
LVL 7

Expert Comment

by:shahrial
ID: 12604807
Cyber,
I think stevegw62 is not referring to Microsoft Remote Admin running on RDP.
It might be Remote Administrator = Famatech Radmin - Remote Control Software?

BTW your configuration is not secure....
TCP 1 - 65535 Outbound
UDP 1 - 65535 Outbound

In this case, if any of your internal machines is compromised, data can flow out from your network without much problem.

You can use Ethereal to scan your network for port numbers in use, and open only those necessary, both inbound and outbound.
0
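As an added illustration of the point shahrial makes (this is example code written for this page, not anything from the thread or from D-Link), the script below parses the rule list stevegw62 posted, flags the two "1 - 65535" outbound rules as overly broad, flags any inbound port the thread never mentions, and rewrites the broad rules as one rule per expected port. The expected-port table is built from the poster's own rules plus the ports named in the answers (25, 80, 110, 443, 9999, 60815, cameras 2000-2003); outbound UDP 53 for DNS is my assumption, since the thread does not list it but name resolution is needed for web and mail to work.

```python
"""Audit a firewall rule list for overly broad and unexpected rules.

Added example for this thread; not the poster's configuration tool and not
D-Link software.  The rule text is the poster's list retyped one rule per line.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The poster's rule list, retyped (constructed sample input for this example).
RULES_TEXT = """\
TCP SMTP(25) Inbound
IGMP - Outbound
ICMP - Outbound
TCP 1 - 65535 Outbound
TCP HTTP(80) Inbound
UDP 1 - 65535 Outbound
TCP 60815 - 60815 Inbound
TCP 9999 - 9999 Inbound
TCP 2003 - 2003 Inbound
TCP 2002 - 2002 Inbound
TCP 2001 - 2001 Inbound
TCP 2000 - 2000 Inbound
TCP 1 - 1 Inbound
ICMP - Inbound
TCP POP3(110) Inbound
"""

# (protocol, port) pairs the thread says this site needs, per direction.
# UDP 53 outbound is an assumption (DNS), not something the thread lists.
EXPECTED = {
    "Inbound": {("TCP", 25), ("TCP", 110), ("TCP", 80), ("TCP", 9999),
                ("TCP", 60815)} | {("TCP", p) for p in range(2000, 2004)},
    "Outbound": {("TCP", 25), ("TCP", 80), ("TCP", 110), ("TCP", 443),
                 ("TCP", 9999), ("TCP", 60815), ("UDP", 53)},
}

RULE_RE = re.compile(r"^(TCP|UDP|ICMP|IGMP)\s+(.+?)\s+(Inbound|Outbound)\s*$")
NAMED_RE = re.compile(r"^[A-Z0-9]+\((\d+)\)$")      # e.g. SMTP(25)
RANGE_RE = re.compile(r"^(\d+)\s*-\s*(\d+)$")       # e.g. 1 - 65535


@dataclass(frozen=True)
class Rule:
    proto: str
    lo: Optional[int]       # None for ICMP/IGMP, which have no ports
    hi: Optional[int]
    direction: str

    def covers(self, proto: str, port: int, direction: str) -> bool:
        return (self.proto == proto and self.direction == direction
                and self.lo is not None and self.lo <= port <= self.hi)

    def is_broad(self) -> bool:
        return self.lo == 1 and self.hi == 65535


def parse_rules(text: str) -> List[Rule]:
    """Turn the box's rule listing into Rule objects; reject lines it cannot read."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        proto, spec, direction = m.groups()
        named, rng = NAMED_RE.match(spec), RANGE_RE.match(spec)
        if spec == "-":
            lo = hi = None
        elif named:
            lo = hi = int(named.group(1))
        elif rng:
            lo, hi = int(rng.group(1)), int(rng.group(2))
        else:
            raise ValueError(f"unrecognised port spec: {spec!r}")
        rules.append(Rule(proto, lo, hi, direction))
    return rules


def audit(rules: List[Rule], expected) -> Tuple[list, list, list]:
    """Return (broad rules, inbound/outbound rules with unexpected ports, expected ports no rule allows)."""
    broad = [r for r in rules if r.is_broad()]
    unexpected = []
    for r in rules:
        if r.lo is None or r.is_broad():
            continue
        allowed = {p for proto, p in expected[r.direction] if proto == r.proto}
        extra = [p for p in range(r.lo, r.hi + 1) if p not in allowed]
        if extra:
            unexpected.append((r, extra))
    missing = [(direction, proto, port)
               for direction, wanted in expected.items()
               for proto, port in sorted(wanted)
               if not any(r.covers(proto, port, direction) for r in rules)]
    return broad, unexpected, missing


def tighten(rules: List[Rule], expected) -> List[Rule]:
    """Replace each 1-65535 rule with one rule per expected port for that protocol and direction."""
    out = []
    for r in rules:
        if r.is_broad():
            out.extend(Rule(proto, port, port, r.direction)
                       for proto, port in sorted(expected[r.direction]) if proto == r.proto)
        else:
            out.append(r)
    return out


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    broad, unexpected, missing = audit(rules, EXPECTED)
    print("broad rules:", broad)
    print("unexpected ports:", unexpected)   # flags the TCP 1 - 1 Inbound rule
    print("missing:", missing)
    for r in tighten(rules, EXPECTED):
        print(r)
```

Running it on the posted list reports the two any-port outbound rules, the stray "TCP 1 - 1 Inbound" rule (port 1 is not used by anything named in the thread), and no missing service; after tighten() the outbound side is a short explicit list, which is the shape shahrial is recommending. Whether a site can live with that explicit list is exactly the judgement call cnewgaard raises in the accepted answer.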
 
LVL 1

Author Comment

by:stevegw62
ID: 12609804
shahrial  

Now we are getting somewhere; this is my concern. The firewall box defaults to all outgoing UDP and TCP, and this is what I am concerned about. Spyware, if downloaded and installed by one of the users in this group of networks by downloading Kazaa or something similar, would have a field day.
I will try this "Ethereal" and let you know what the outcome is.

And you are correct in saying the program is Remote Administrator, which they have to use for their accountants' access. The port required can be changed by both ends, allowing a common port number between the 2 PCs, with username and password for security. They told me it was port 9999; I still haven't checked it yet. I will be doing it today.
0
 
LVL 3

Accepted Solution

by:
cnewgaard earned 1500 total points
ID: 12610345
Most firewalls come defaulted to letting nothing in and everything out.  With spyware even if you lock down all ports you don't need they still have the abilities to send to a website (port 80) or email viruses (port 25).  There's not much you can do about those types of things and the writers of this stuff know that.  Your best options are to have good anti-virus and anti-spyware measures in place and hopefully get a chance to give the users a little training on safe web surfing habits.
0
 
LVL 7

Expert Comment

by:shahrial
ID: 12610853
Agreed with cnewgaard's comment:
> Your best options are to have good anti-virus and anti-spyware measures in place and hopefully get a chance to give the users a little training on safe web surfing habits.

Good strategy...defence-in-depth methodology. User awareness and training is just as important...;-)
0
 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12612032
shahrial, thank you for enlightening me;
And I see that most of the case has been covered. If I might add, though:
There are also good process explorers (not the Task Manager) that might be helpful in diagnosis, thus eliminating any possibility of an attack. Those process explorers may provide you with a real-time picture of which files are communicating.

Links:
TCPView:
http://www.sysinternals.com/ntw2k/source/tcpview.shtml

Process Explorer:
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

Hope I helped in some way

Cyber
0
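To show the kind of review Cyber-Dude is describing, here is an added example (mine, not Sysinternals code and not the thread's) that reads a process-to-connection listing in the general shape TCPView shows, then flags listeners and outbound connections that the thread's port list does not account for. The listing is constructed sample data, the column layout is my own approximation rather than TCPView's exact output, the remote addresses are documentation ranges, and the process names (including the Kazaa entry and its port 1214, which is the port Kazaa was known to use) are made up for the example; allowed outbound port 53 is again an assumption for DNS.

```python
"""Review a process/connection listing against the thread's expected ports.

Added example for this thread.  Not the poster's tool and not TCPView itself;
it reads a constructed listing laid out roughly the way TCPView presents one.
"""
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample in a TCPView-like "Process PID Protocol Local Remote State"
# layout.  UDP rows carry no state column.  Addresses are documentation ranges.
SAMPLE = """\
outlook.exe      1204  TCP  10.0.0.14:1051   192.0.2.10:110      ESTABLISHED
iexplore.exe     1388  TCP  10.0.0.14:1052   198.51.100.7:80     ESTABLISHED
radmin.exe       1440  TCP  10.0.0.14:9999   0.0.0.0:0           LISTENING
skype.exe        1502  TCP  10.0.0.14:60815  0.0.0.0:0           LISTENING
skype.exe        1502  UDP  10.0.0.14:60815  *:*
svchost.exe       912  UDP  10.0.0.14:1026   192.0.2.1:53
kazaa.exe        1611  TCP  10.0.0.14:1070   203.0.113.55:1214   ESTABLISHED
kazaa.exe        1611  UDP  10.0.0.14:1214   *:*
"""

# Remote ports the thread accounts for (25, 80, 110, 443, 9999, 60815) plus
# UDP/TCP 53, which is an assumption for DNS.
ALLOWED_OUTBOUND = {25, 53, 80, 110, 443, 9999, 60815}
# Listeners the thread expects on a workstation: Radmin on 9999, Skype on 60815.
EXPECTED_LISTENERS = {("radmin.exe", 9999), ("skype.exe", 60815)}


class Conn(NamedTuple):
    process: str
    pid: int
    proto: str
    local_addr: str
    local_port: Optional[int]
    remote_addr: str
    remote_port: Optional[int]
    state: Optional[str]

    def is_listener(self) -> bool:
        # TCP listeners report LISTENING; a UDP socket bound with no peer shows *:*.
        return self.state == "LISTENING" or (self.proto == "UDP" and self.remote_addr == "*")


def parse_endpoint(ep: str) -> Tuple[str, Optional[int]]:
    """Split 'host:port' (port may be '*' or 0) into (host, port-or-None)."""
    host, _, port = ep.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_listing(text: str) -> List[Conn]:
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue                      # header or blank line
        process, pid, proto, local, remote = parts[:5]
        state = parts[5] if len(parts) > 5 else None
        lh, lp = parse_endpoint(local)
        rh, rp = parse_endpoint(remote)
        conns.append(Conn(process, int(pid), proto, lh, lp, rh, rp, state))
    return conns


def review(conns: List[Conn]) -> List[Tuple[str, int, str, Optional[int]]]:
    """Flag listeners and remote ports not covered by the thread's expected list."""
    findings = []
    for c in conns:
        if c.is_listener():
            if (c.process, c.local_port) not in EXPECTED_LISTENERS:
                findings.append((c.process, c.pid, "unexpected listener", c.local_port))
        elif c.remote_port not in ALLOWED_OUTBOUND:
            findings.append((c.process, c.pid, "unexpected remote port", c.remote_port))
    return findings


def remote_ports_by_process(conns: List[Conn]) -> Dict[str, List[int]]:
    """The 'who is talking to what' picture: each process and the remote ports it reaches."""
    table: Dict[str, set] = {}
    for c in conns:
        if not c.is_listener() and c.remote_port is not None:
            table.setdefault(c.process, set()).add(c.remote_port)
    return {proc: sorted(ports) for proc, ports in table.items()}


if __name__ == "__main__":
    conns = parse_listing(SAMPLE)
    for proc, ports in remote_ports_by_process(conns).items():
        print(f"{proc:14} -> {ports}")
    for finding in review(conns):
        print("FLAG:", finding)          # only the constructed kazaa.exe rows are flagged
```

On the sample the mail, browser, Radmin and Skype rows all match something the thread lists, while the file-sharing process is flagged twice (a connection out to a port nobody approved, and a listener nobody expected); the same list run against TCPView output on one of the 14 PCs is the quick check for the "spyware having a field day" case stevegw62 was worried about.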
 
LVL 1

Author Comment

by:stevegw62
ID: 12613652
I wanted to split the points as shahrial contributed too, but I am too slack (busy) to work out how I do that. To all that contributed to the answers I am extremely grateful.
What I ended up doing was downloading TCPVIEW.exe and thought, how can I lock all of the ports down, and decided that all outgoing will have to stay that way. And I restricted incoming to as above, with the exception of turning off the ping and its reply. They use TMIS 2005 on all of their machines and seem pretty happy with that and now the firewall box. I suppose it's just a matter of staying on top of updates and allowing their existing GPs to slow them down internally.

PS Remote admin was working, although I forgot to reset their password.........duuuuhhh
0
