Ports to open?

By fruitbat83
A new client called us in because their IP address had been blacklisted - turned out a laptop was infected and sending out spam. We've sorted out the laptop, and advised them on AV software.

Their firewall currently allows all outbound connections. I think it would be better to block all connections except for a select few (SMTP from the mailserver only for example).

What outbound ports should we leave open?



All Answers


It will depend on the network or computer.

by seanferd In reply to Ports to open?

Lots of common ports: HTTP 80, HTTPS 443, UDP 53, TCP 995, etc.

But there are lots of ports you won't know about until you see what is in use, then decide if they need to be open only inside a LAN or need to be open to the internet. Check what is active on the firewall, firewall logs, or use something like Wireshark. Some apps will probably use unique ports, like a corporate AV connecting to an update server.

Interesting port resources:


Network Applications

by Brenton Keegan In reply to Ports to open?

Then open only the ports you need. You have to know what network applications you have and what port they use. Keep in mind all the OS related functions as well.

Beyond that, deny everything else.

If you are configuring this remotely, remember NOT to put the deny all first without allowing your remote access.


what router?

by CG IT In reply to Ports to open?

By default, all consumer level and some SMB level routers allow all outbound traffic from hosts on the LAN, and its return traffic. These are built-in access rules and typically are the last rules applied when you have created custom rules. If there are no custom rules, these default rules apply.

If it was me, I'd find a router that blocks certain known risky applications like BitTorrent or peer-to-peer applications and instant messaging as part of its firewall policies, rather than trying to block ports.

Blocking ports requires a large administrative effort in documentation and tweaking, because invariably users will need to access a legitimate site which uses an application port that is blocked. When that happens, they complain, you tell them it's blocked for security, they complain again, and you'll end up changing it to accommodate the user. With a router that blocks known risky applications like BitTorrent, you can justify the block and back it up with documentation on how risky it is.
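The three answers above describe one procedure: see what is actually in use (seanferd), allow only that plus the original poster's "SMTP from the mail server only" rule, put a deny-all last, and make sure the deny does not cut off your own remote session (Brenton Keegan). The following is an added example, not code from the thread or from any router vendor: a small first-match egress policy simulator that lints rule order, tallies observed ports from constructed flow records, and renders the policy as iptables commands. All addresses, ports, flow records and the Linux/FORWARD-chain rendering are assumptions made for illustration.

```python
"""Outbound (egress) policy simulator: first-match rules, deny-all last.

Added example, not from the original thread. The addresses, ports, policy
and flow records below are constructed for illustration (assumptions).
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional

MAILSERVER = "192.168.1.10"  # assumed: the only host allowed to send SMTP
FIREWALL = "192.168.1.1"     # assumed: the box the admin manages remotely


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: Optional[str] = None   # "tcp", "udp", or None for any
    src: Optional[str] = None     # exact source host, or None for any host
    dport: Optional[int] = None   # destination port, or None for any
    state: Optional[str] = None   # "new", "established", or None for any
    comment: str = ""

    def matches(self, proto, src, dport, state):
        # A None field is a wildcard; everything else must match exactly.
        return all(want in (None, got) for want, got in
                   ((self.proto, proto), (self.src, src),
                    (self.dport, dport), (self.state, state)))


# Order matters: first match wins. Replies to existing sessions come first so
# a remote admin's own session survives; the deny-all is last.
EGRESS_POLICY = [
    Rule("allow", state="established", comment="replies to existing sessions"),
    Rule("allow", "udp", None, 53, "new", "DNS"),
    Rule("allow", "tcp", None, 53, "new", "DNS over TCP (large answers)"),
    Rule("allow", "tcp", None, 80, "new", "HTTP"),
    Rule("allow", "tcp", None, 443, "new", "HTTPS"),
    Rule("allow", "tcp", None, 995, "new", "POP3S"),
    Rule("allow", "tcp", MAILSERVER, 25, "new", "SMTP only from the mail server"),
    Rule("deny", comment="default deny: everything else outbound"),
]

# The mistake Brenton warns about: deny-all placed first, so no later rule is
# reachable and the replies on the admin's own session are dropped.
LOCKOUT_POLICY = [EGRESS_POLICY[-1]] + EGRESS_POLICY[:-1]


def evaluate(policy, proto, src, dport, state="new"):
    """Action of the first matching rule; implicit deny if nothing matches."""
    for rule in policy:
        if rule.matches(proto, src, dport, state):
            return rule.action
    return "deny"


def validate_policy(policy):
    """Lint rule order before pushing the policy to a remote firewall."""
    problems = []
    denies = [i for i, r in enumerate(policy) if r.action == "deny"
              and (r.proto, r.src, r.dport, r.state) == (None,) * 4]
    if not denies:
        return ["no deny-all rule: outbound is still wide open"]
    first_deny = denies[0]
    if first_deny != len(policy) - 1:
        problems.append(f"{len(policy) - 1 - first_deny} rule(s) after the deny-all are unreachable")
    if not any(r.action == "allow" and r.state == "established" for r in policy[:first_deny]):
        problems.append("no 'established' allow before the deny-all: remote admin sessions will be cut off")
    return problems


def ports_in_use(flows):
    """seanferd's step: tally (src, proto, dport) of new outbound flows taken
    from firewall logs or a capture, before deciding what to allow."""
    return Counter((f["src"], f["proto"], f["dport"]) for f in flows if f["state"] == "new")


def audit(policy, flows):
    """Verdict per observed flow under a proposed policy."""
    return [(f["src"], f["proto"], f["dport"],
             evaluate(policy, f["proto"], f["src"], f["dport"], f["state"])) for f in flows]


def to_iptables(policy, chain="FORWARD"):
    """Render the policy as iptables commands (assumption: a Linux firewall
    where LAN-to-internet traffic traverses the FORWARD chain)."""
    lines = []
    for r in policy:
        cmd = [f"iptables -A {chain}"]
        if r.state == "established":
            cmd.append("-m conntrack --ctstate ESTABLISHED,RELATED")
        elif r.state == "new":
            cmd.append("-m conntrack --ctstate NEW")
        if r.proto:
            cmd.append(f"-p {r.proto}")
        if r.src:
            cmd.append(f"-s {r.src}")
        if r.dport:
            cmd.append(f"--dport {r.dport}")
        cmd.append("-j ACCEPT" if r.action == "allow" else "-j DROP")
        lines.append(" ".join(cmd) + f"  # {r.comment}")
    return lines


# Constructed flow records, as a firewall log or capture summary would show.
OBSERVED_FLOWS = [
    {"src": MAILSERVER, "proto": "tcp", "dport": 25, "state": "new"},       # mail server delivering
    {"src": "192.168.1.57", "proto": "tcp", "dport": 25, "state": "new"},   # infected laptop spamming directly
    {"src": "192.168.1.57", "proto": "tcp", "dport": 443, "state": "new"},  # normal browsing
    {"src": "192.168.1.57", "proto": "udp", "dport": 53, "state": "new"},
    {"src": "192.168.1.57", "proto": "tcp", "dport": 6881, "state": "new"}, # peer-to-peer style port, not in policy
    {"src": "192.168.1.42", "proto": "tcp", "dport": 8531, "state": "new"}, # unknown port: investigate before allowing
    {"src": FIREWALL, "proto": "tcp", "dport": 51022, "state": "established"},  # reply on the admin's session
]

if __name__ == "__main__":
    for src, proto, dport, verdict in audit(EGRESS_POLICY, OBSERVED_FLOWS):
        print(f"{verdict:5} {src:14} {proto}/{dport}")
    print("lint of LOCKOUT_POLICY:", validate_policy(LOCKOUT_POLICY))
    print("\n".join(to_iptables(EGRESS_POLICY)))
```

Run `ports_in_use(OBSERVED_FLOWS)` first and treat anything not already in the policy (here the 6881 and 8531 flows) as a question to answer before the deny-all goes live, which is the documentation effort CG IT describes. `validate_policy` is the check to run before a remote push: against `LOCKOUT_POLICY` it reports both the unreachable rules and the missing established-allow.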
