This is a theoretical question, and now I find it interesting. On a corporate network, if one is already blocking all well-known TCP ports on every VLAN that are not explicitly required for business, what is to be gained by blocking TCP ports 1024 to 65,535? Assume in this scenario that outbound traffic to the Internet is limited to HTTP, SSL, FTP, mail, etc. What are the risks to Windows boxes? What kinds of problems should one expect with inter-VLAN traffic? At first glance, worms seem like they may be an issue. Obviously high-level hackers will have a heyday with that many open ports, but for average risks, what should one expect for Windows-to-Windows traffic?