macdaddyat_private wrote:

> 1-19 I/O (there isn't any reason why a user should be using these ports)
>
> 61/62 I (there isn't any reason why someone should be querying *any* of our
> devices via SNMP)

Should read 161/162.

> 111 I/O (talk about hack me please...)
>
> 135-139 I/O (no reason to allow this. too much info can be gathered with
> NO log entry on the queried box. most are misconfigured and allow access
> to way too much)
>
> 53 where possible (few client nodes should be queried for DNS. Most of
> our users are basic dialups. Some DSL, very little business DSL or leased
> line. Those people plus our own DNS servers need to be allowed for.)
>
> netbus/BO ports (let's halt the problem before it starts)

I think this is good practice. Additionally I would suggest tftp/bootps.

> I've seriously been thinking about blocking connections TO port 25 on our
> client (non-business) nodes. We'd still allow them to use any SMTP server

Establish a virus-scanning relay and most of them will be happy.

Bye,
Jens
--
Jens Hektor, RWTH Aachen, Rechenzentrum, Seffenter Weg 23, 52074 Aachen
Computing Center Technical University Aachen, network operation & security
mailto:hektorat_private-Aachen.DE, Tel.: +49 241 80 4866
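The border policy discussed in this thread, written out as a small flow checker so the rules can be tested against sample traffic before they go into a real filter. This is an added example, not something posted by either participant; the addresses are constructed stand-ins, the outbound-25 rule models Jens's scanning-relay suggestion, and the netbus/Back Orifice port numbers are the tools' well-known defaults, which the post names but does not number.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Tuple

# Constructed sample address plan (not the ISP's real one).
CLIENT_NET = ip_network("10.0.0.0/16")        # dial-up / consumer DSL nodes
BUSINESS_NET = ip_network("10.1.0.0/16")      # business DSL / leased lines
DNS_SERVERS = {ip_address("10.0.0.2"), ip_address("10.0.0.3")}
SMTP_RELAY = ip_address("10.0.0.25")          # virus-scanning relay (Jens's suggestion)

# Destination ports the thread drops in both directions ("I/O").
# Netbus (12345/12346) and Back Orifice (31337) are the tools' defaults;
# the post names the tools, not the numbers. 67/69 are bootps/tftp.
BLOCK_BOTH = (set(range(1, 20)) | {111} | set(range(135, 140))
              | {12345, 12346, 31337} | {67, 69})
BLOCK_INBOUND = {161, 162}                    # SNMP, inbound only ("I")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    inbound: bool   # True: Internet -> our network, False: our network -> Internet


def decide(flow: Flow) -> Tuple[str, str]:
    """Return ('drop' | 'allow', reason) for a TCP/UDP flow under the thread's policy."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    if flow.dport in BLOCK_BOTH:
        return "drop", f"port {flow.dport} blocked in both directions"
    if flow.inbound and flow.dport in BLOCK_INBOUND:
        return "drop", "inbound SNMP"
    if flow.inbound and flow.dport == 53:
        # "53 where possible": only our DNS servers and business customers get queried.
        if dst in DNS_SERVERS or dst in BUSINESS_NET:
            return "allow", "DNS to a host that is meant to answer"
        return "drop", "inbound DNS to a client node"
    if not flow.inbound and flow.dport == 25 and src in CLIENT_NET:
        # Client nodes send mail only through the scanning relay.
        if dst == SMTP_RELAY:
            return "allow", "client mail via the scanning relay"
        return "drop", "direct SMTP from a client node"
    return "allow", "no rule matched"
```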
This archive was generated by hypermail 2b30 : Sun Jun 03 2001 - 09:52:15 PDT