Re: [fw-wiz] RE: Help w/ Port 137 Traffic

From: R. DuFresne (dufresneat_private)
Date: Mon Oct 14 2002 - 11:04:52 PDT


    On Mon, 14 Oct 2002, Devdas Bhagat wrote:
    
    > On 13/10/02 14:40 -0400, R. DuFresne wrote:
    > > depending upon the kind of windows OS' behind your firewall, you might
    > > wish to add 135-139, tcp and udp, as well as 445, and 1433,1434.  Of course
    > > 1080 1090 1900 5000 might not hurt to be blocked either, depending upon
    > > services running on those systems.  IM filesharing ports might well be blocked as well, at
    > > the least, 4443 1503 3574 5010 6891 7320.  And of course, this is not an
    > > exhaustive list.  
    > Wouldn't the Right Thing(tm) be to block everything and then allow only
    > what traffic is supposed to go out?
    > Not logging 137/udp is a good idea because it fills up the logs and does
    > not add any significant information to them.
    
    It certainly would.  What is chosen to be passed to the backend windows
    systems requires care and diligence though, and extensive logging should
    be engaged for those ports opened.
    
    Thanks,
    
    
    Ron DuFresne
    -- 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior security consultant:  sysinfo.com
                            http://sysinfo.com
    
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    
    testing, only testing, and damn good at it too!
    
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizardsat_private
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
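
The policy this exchange settles on (default deny, a silent drop for 137/udp, logging on whatever is opened), modelled as a first-match rule list. This is an added example, not part of the original messages; the allowed ports (80, 443, 53) and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    proto: Optional[str]    # "tcp", "udp", or None for any protocol
    ports: Optional[range]  # destination ports, or None for any port
    log: bool               # write a log line when this rule matches


# Order matters: the quiet 137/udp drop sits above the logged catch-all.
POLICY = [
    Rule("deny", "udp", range(137, 138), log=False),  # NetBIOS name noise
    Rule("allow", "tcp", range(80, 81), log=True),    # assumed allowed service
    Rule("allow", "tcp", range(443, 444), log=True),  # assumed allowed service
    Rule("allow", "udp", range(53, 54), log=True),    # assumed allowed service
    Rule("deny", None, None, log=True),               # default deny
]


def evaluate(policy, proto, dport):
    """Return (action, log) of the first rule matching proto/dport."""
    for rule in policy:
        proto_ok = rule.proto is None or rule.proto == proto
        port_ok = rule.ports is None or dport in rule.ports
        if proto_ok and port_ok:
            return rule.action, rule.log
    return "deny", True  # fail closed when no catch-all rule is present


def process(policy, packets):
    """Apply the policy to (proto, dport) pairs; return verdicts and log lines."""
    verdicts, log_lines = [], []
    for proto, dport in packets:
        action, log = evaluate(policy, proto, dport)
        verdicts.append(action)
        if log:
            log_lines.append(f"{action.upper()} {proto}/{dport}")
    return verdicts, log_lines


if __name__ == "__main__":
    # Constructed sample traffic: (protocol, destination port).
    sample = [("udp", 137), ("tcp", 445), ("tcp", 443), ("udp", 1434)]
    verdicts, log_lines = process(POLICY, sample)
    print(verdicts)
    print("\n".join(log_lines))
```

Moving the 137/udp rule below the catch-all changes nothing about what is blocked, only what is logged: the catch-all matches first and the name-service noise lands in the log again.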
    



    This archive was generated by hypermail 2b30 : Mon Oct 14 2002 - 11:29:45 PDT