
You could probably block everything.
Everything except replies, that is, presuming you weren't hosting anything. Though if you were intending to connect to IRC, you probably want requests to Ident to be denied rather than blocked. IIRC, some IRC servers don't particularly like IRCers who won't ignore Ident requests.

For outbound, it depends how much you trust your network. Again, start with nothing and then open up what you need. HTTP is 80 (usually), but there are sites on odd ports; 81, 8000, 8080 and 8888 are common. DNS is 53. SMTP is 25. POP3 is 110, I think. I'm sure you could easily look up anything else you want. 137-139 is NBT (Microsoft networking) if you want to specifically block that.

Wade.

Is it enough to love
Is it enough to breathe
Somebody rip my heart out
And leave me here to bleed
 
Is it enough to die
Somebody save my life
I'd rather be Anything but Ordinary
Please

-- "Anything but Ordinary" by Avril Lavigne.
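The policy Wade describes above (deny everything inbound except replies, deny Ident outright rather than silently dropping it, open outbound services one at a time, explicitly block NBT) as a small stateful-filter model. This is an added example, not code from the thread or from any particular firewall product; the rule table, the flow-tracking key and the sample traffic (documentation addresses 192.0.2.x, 198.51.100.x, 203.0.113.x) are constructed for the illustration.

```python
"""Model of 'deny inbound except replies, open outbound as needed'.
Added example; the POLICY table and sample packets are constructed here."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the protected host
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


# (direction, proto, (low, high) dport range, action). First match wins; no
# match falls through to DROP. REJECT answers with RST/unreachable, DROP is silent.
POLICY = [
    ("in",  "tcp", (113, 113), "REJECT"),    # Ident: refuse, so IRC servers don't wait on a timeout
    ("out", "tcp", (137, 139), "DROP"),      # NBT / Microsoft networking, explicitly blocked
    ("out", "udp", (137, 139), "DROP"),
    ("out", "udp", (53, 53), "ACCEPT"),      # DNS
    ("out", "tcp", (53, 53), "ACCEPT"),
    ("out", "tcp", (25, 25), "ACCEPT"),      # SMTP
    ("out", "tcp", (110, 110), "ACCEPT"),    # POP3
    ("out", "tcp", (80, 80), "ACCEPT"),      # HTTP, plus the common odd ports
    ("out", "tcp", (81, 81), "ACCEPT"),
    ("out", "tcp", (8000, 8000), "ACCEPT"),
    ("out", "tcp", (8080, 8080), "ACCEPT"),
    ("out", "tcp", (8888, 8888), "ACCEPT"),
]


class StatefulFirewall:
    """Remembers outbound flows so that their replies are let back in,
    the way a stateful filter's ESTABLISHED handling does."""

    def __init__(self, policy=POLICY):
        self.policy = policy
        # (proto, local_addr, local_port, remote_addr, remote_port)
        self.flows = set()

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "in":
            key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key in self.flows:
                return "ACCEPT"          # reply to something we started
        for direction, proto, (lo, hi), action in self.policy:
            if pkt.direction == direction and pkt.proto == proto and lo <= pkt.dport <= hi:
                if action == "ACCEPT" and direction == "out":
                    self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return action
        return "DROP"                    # default deny in both directions


def run_scenario():
    """Constructed traffic: a DNS lookup, a web fetch on an odd port, some probes."""
    fw = StatefulFirewall()
    me, resolver, web, other = "192.0.2.10", "192.0.2.53", "203.0.113.80", "198.51.100.7"
    events = [
        ("dns query",         Packet("out", "udp", me, 40000, resolver, 53)),
        ("dns reply",         Packet("in",  "udp", resolver, 53, me, 40000)),
        ("unsolicited from 53", Packet("in", "udp", resolver, 53, me, 40001)),
        ("http on 8080",      Packet("out", "tcp", me, 40002, web, 8080)),
        ("http reply",        Packet("in",  "tcp", web, 8080, me, 40002)),
        ("ident request",     Packet("in",  "tcp", other, 5000, me, 113)),
        ("ssh connect",       Packet("in",  "tcp", other, 5001, me, 22)),
        ("outbound netbios",  Packet("out", "tcp", me, 40003, other, 139)),
        ("outbound telnet",   Packet("out", "tcp", me, 40004, other, 23)),
    ]
    return {name: fw.decide(p) for name, p in events}


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:22s} {verdict}")
```

The DNS pair is the part worth noticing for the later posts in this thread: the resolver's answer comes from port 53 back to the ephemeral port the query left from, and it is accepted only because the outbound query was recorded, not because port 53 is open inbound. A datagram from port 53 that matches no recorded query is dropped.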

Re: You could probably block everything.

The suggestions so far seem ok - I have taken the approach to close 'infamous' ports, then open if needed.

But at the moment I seem to get messages that my OS can't communicate with a.b.c.d (DNS). I didn't actually think I had shut off port 53, but even that is incoming to a DNS (isn't it)?

I seem to be able to get to most web sites ok.

Cheers Doug
Haven't seen that one.
Some DNS servers respond to port 53, but they're not supposed to do that to DNS queries. That would be the only thing I could think of.

Wade.


Eh?
Wade wrote:

Some DNS servers respond to port 53, but they're not supposed to do that to DNS queries.

I would bloody well hope they all do.

uncle-enzo:/tmp# lsof -i TCP:53
COMMAND   PID USER   FD   TYPE DEVICE SIZE NODE NAME
named   31711 root   10u  IPv4 427044       TCP localhost:domain (LISTEN)
named   31711 root   12u  IPv4 427046       TCP linuxmafia.com:domain (LISTEN)
named   31712 root   10u  IPv4 427044       TCP localhost:domain (LISTEN)
named   31712 root   12u  IPv4 427046       TCP linuxmafia.com:domain (LISTEN)
named   31713 root   10u  IPv4 427044       TCP localhost:domain (LISTEN)
named   31713 root   12u  IPv4 427046       TCP linuxmafia.com:domain (LISTEN)

named   31714 root   10u  IPv4 427044       TCP localhost:domain (LISTEN)
named   31714 root   12u  IPv4 427046       TCP linuxmafia.com:domain (LISTEN)
named   31715 root   10u  IPv4 427044       TCP localhost:domain (LISTEN)
named   31715 root   12u  IPv4 427046       TCP linuxmafia.com:domain (LISTEN)
uncle-enzo:/tmp#


Rick Moen
rick@linuxmafia.com


If you lived here, you'd be $HOME already.
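Rick's lsof output is the kind of inventory worth taking before writing inbound rules: which daemons listen on which ports, and whether they are bound to loopback only or to an address reachable from the network. The parser below is an added example, not code from the post; it takes the output quoted above (abridged to the first few rows, with the empty SIZE column exactly as lsof printed it), and its service-name table and treatment of the NAME/state columns are assumptions made here.

```python
"""Parse `lsof -i` output and report which listening sockets are reachable
from off-host. Added example; SAMPLE is the output quoted in the post above."""
from collections import defaultdict

SAMPLE = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE NODE NAME
named   31711 root   10u  IPv4 427044       TCP localhost:domain (LISTEN)
named   31711 root   12u  IPv4 427046       TCP linuxmafia.com:domain (LISTEN)
named   31712 root   10u  IPv4 427044       TCP localhost:domain (LISTEN)
named   31712 root   12u  IPv4 427046       TCP linuxmafia.com:domain (LISTEN)
"""

# lsof prints service names from /etc/services unless run with -P; a small
# table (assumption) covers the names that matter for this thread.
SERVICE_PORTS = {"domain": 53, "http": 80, "smtp": 25, "pop3": 110,
                 "ssh": 22, "auth": 113, "netbios-ssn": 139}
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}


def parse_lsof(text):
    """Return one dict per socket row; header and non-socket rows are skipped.
    The SIZE column may be blank, so columns are located by the TCP/UDP token
    rather than by fixed position."""
    rows = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 8 or t[0] == "COMMAND":
            continue
        try:
            i = next(k for k, tok in enumerate(t) if tok in ("TCP", "UDP"))
        except StopIteration:
            continue
        name = t[i + 1]
        state = t[i + 2].strip("()") if len(t) > i + 2 else ""
        host, _, port = name.rpartition(":")    # handles "[::1]:53" and "*:53" too
        port_no = int(port) if port.isdigit() else SERVICE_PORTS.get(port)
        rows.append({"command": t[0], "pid": int(t[1]), "user": t[2],
                     "proto": t[i], "host": host, "port": port_no, "state": state})
    return rows


def exposed_listeners(rows):
    """Group LISTEN sockets by (proto, port) and flag those bound beyond loopback."""
    by_port = defaultdict(lambda: {"pids": set(), "hosts": set()})
    for r in rows:
        if r["state"] != "LISTEN":
            continue
        entry = by_port[(r["proto"], r["port"])]
        entry["pids"].add(r["pid"])
        entry["hosts"].add(r["host"])
    return {key: {"pids": sorted(v["pids"]),
                  "hosts": sorted(v["hosts"]),
                  "exposed": any(h not in LOOPBACK for h in v["hosts"])}
            for key, v in by_port.items()}


if __name__ == "__main__":
    for (proto, port), info in exposed_listeners(parse_lsof(SAMPLE)).items():
        flag = "EXPOSED" if info["exposed"] else "loopback only"
        print(f"{proto}/{port}: pids {info['pids']} on {info['hosts']} -> {flag}")
```

Feed it `lsof -i -n -P` output from a real host and the `exposed` flag tells you which ports an inbound default-deny rule would actually be shielding; here the named listeners on linuxmafia.com:domain are reachable from outside, the localhost:domain ones are not.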
Sorry, I mis-typed.
I meant some DNS servers make a response back to port 53, rather than back to the port the connection came in on. English vagaries aside, I'm probably mis-remembering something from the O'Reilly book. :-)

Wade.


