commonly blocked ISP ports

brett watson brett at the-watsons.org
Wed Sep 14 21:22:11 UTC 2005

> On Wednesday 14 September 2005 15:41, Luke Parrish wrote:
>
>> Not quite looking for tips to manage my network and ACLs or if I should or
>> should not be blocking, more looking for actual ports that other ISPs are
>> blocking and why.

Seems to me this is the wrong question... A default security "posture" (network or system, ISP or enterprise or any type of entity) should be: "if it's not explicitly allowed, it's denied."

Don't look for specific ports to block. Lock down everything, both *egress* (arguably as important as ingress, and typically completely ignored) and ingress, and start opening only specific ports that are absolutely necessary. Yes, it's a lot more work to do this but it's a lot safer.

Many worm/trojan infections happen because egress is completely open, and "permit tcp any any established" is the first line in the ingress ACL.

-b

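The two postures contrasted in the post, as an added example that is not part of the message or the NANOG archive: a small Python model of first-match IOS-style access lists. It parses only the subset of IOS syntax used here (permit/deny, ip/tcp/udp, "any", "host A.B.C.D", "A.B.C.D WILDCARD", an optional "eq PORT" on the destination, and "established") and evaluates constructed packets against an "established first" ingress list, a default-deny ingress list, an open egress list and a default-deny egress list. The addresses are RFC 5737 documentation ranges and the ports and hosts are made up for the illustration.

```python
"""First-match model of IOS-style access lists (added example, not from the post).

Supported subset:  permit|deny  ip|tcp|udp  SRC DST [eq PORT] [established]
where SRC/DST is 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'.
Addresses are RFC 5737 documentation ranges; hosts and ports are constructed.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    dst: str
    dport: int
    ack: bool = False   # TCP ACK (or RST) flag set; this is all 'established' tests


def _parse_addr(tokens):
    """Consume one address spec from the front of tokens -> (network, mask) as ints."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0xFFFFFFFF
    network = int(ipaddress.IPv4Address(tok))
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))  # IOS wildcard: 1 bits are "don't care"
    return network, 0xFFFFFFFF ^ wildcard


def parse_acl(text):
    """Parse ACL lines into (action, proto, src, dst, dport, established) tuples."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("!"):
            continue
        action, proto, rest = tokens[0], tokens[1], tokens[2:]
        src = _parse_addr(rest)
        dst = _parse_addr(rest)
        dport, established = None, False
        while rest:
            tok = rest.pop(0)
            if tok == "eq":
                dport = int(rest.pop(0))
            elif tok == "established":
                established = True
            else:
                raise ValueError(f"unsupported token {tok!r} in: {line}")
        rules.append((action, proto, src, dst, dport, established))
    return rules


def _addr_matches(spec, addr):
    network, mask = spec
    return (int(ipaddress.IPv4Address(addr)) & mask) == (network & mask)


def evaluate(rules, pkt):
    """First match wins; returns (action, line_no), ("deny", 0) for the implicit deny."""
    for n, (action, proto, src, dst, dport, established) in enumerate(rules, 1):
        if proto != "ip" and proto != pkt.proto:
            continue
        if not (_addr_matches(src, pkt.src) and _addr_matches(dst, pkt.dst)):
            continue
        if dport is not None and dport != pkt.dport:
            continue
        # 'established' keeps no connection state: it only checks ACK/RST.
        if established and not (pkt.proto == "tcp" and pkt.ack):
            continue
        return action, n
    return "deny", 0


# Ingress as the post describes it: 'established' first, then the published service.
INGRESS_ESTABLISHED_FIRST = """
permit tcp any any established
permit tcp any host 192.0.2.10 eq 25
deny ip any any
"""

# Default-deny ingress: only what this prefix actually publishes.
INGRESS_DEFAULT_DENY = """
permit tcp any host 192.0.2.10 eq 25
permit tcp any host 192.0.2.20 eq 80
deny ip any any
"""

EGRESS_OPEN = "permit ip any any"

# Default-deny egress: only the mail relay may send SMTP, everything else only web.
EGRESS_DEFAULT_DENY = """
permit tcp host 192.0.2.10 any eq 25
permit tcp 192.0.2.0 0.0.0.255 any eq 80
permit tcp 192.0.2.0 0.0.0.255 any eq 443
deny ip any any
"""

# Constructed packets for the comparison.
MAIL_IN = Packet("tcp", "198.51.100.7", "192.0.2.10", 25)              # legitimate inbound SMTP
ACK_PROBE = Packet("tcp", "198.51.100.7", "192.0.2.30", 445, ack=True)  # unsolicited, ACK set, to a desktop
WORM_OUT = Packet("tcp", "192.0.2.30", "203.0.113.50", 445)            # infected desktop scanning outbound
WEB_OUT = Packet("tcp", "192.0.2.30", "203.0.113.50", 443)             # normal client browsing

if __name__ == "__main__":
    cases = [("ingress, established first", INGRESS_ESTABLISHED_FIRST, [MAIL_IN, ACK_PROBE]),
             ("ingress, default deny", INGRESS_DEFAULT_DENY, [MAIL_IN, ACK_PROBE]),
             ("egress, open", EGRESS_OPEN, [WORM_OUT, WEB_OUT]),
             ("egress, default deny", EGRESS_DEFAULT_DENY, [WORM_OUT, WEB_OUT])]
    for name, acl, pkts in cases:
        rules = parse_acl(acl)
        for p in pkts:
            action, n = evaluate(rules, p)
            print(f"{name:28} {p.src}->{p.dst}:{p.dport} ack={p.ack!s:5} -> {action} (line {n})")
```

Running it shows the unsolicited ACK-flagged probe to port 445 permitted by line 1 of the "established first" list and denied by the default-deny list, and the outbound 445 scan permitted by the open egress list and denied by the default-deny one, while legitimate SMTP in and HTTPS out pass in both. Two caveats a practitioner would want: in a classic IOS ACL, "established" is stateless and matches any TCP segment with ACK or RST set, so it admits crafted probes as readily as return traffic; and because a stateless list has no connection table, the default-deny ingress list as written also drops the return traffic of sessions opened from inside, which in practice is handled by a stateful firewall, reflexive ACLs, or an "established" line scoped to the inside prefixes and client ports rather than "any any".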



More information about the NANOG mailing list