|
How to identify application ports
Hi all,
I'm a security novice. I want to configure the firewall on my home router to block all unnecessary ports. How can I identify the ports that various application that I am running (which require internet access) are using, so that I can ensure that I allow to access to those ports? Thanks. |
Re: How to identify application ports
On Sun, 30 Jan 2005 13:24:22 +1100, "Gerard O'Neill"
<goneill@aapt.net.au> wrote: >Hi all, > >I'm a security novice. I want to configure the firewall on my home router >to block all unnecessary ports. How can I identify the ports that various >application that I am running (which require internet access) are using, so >that I can ensure that I allow to access to those ports? > >Thanks. > ######################### I'm assuming that you are not running a server. If that's the case, you should see what ports are opened on your machine(s). You didn't mention what OS you are running, how many machines are behind the router nor what router you have. Anyway, look at a netstat -an output and see what ports are opened. If you don't know how to read the output, let us know. You can also port scan your network from the outside to see what shows there. Don't forget the difference between a source port on the client machine (that's yours) a destination port on the server. The server could be a web server, telnet server, FTP, ssh and so on. For example, port 80 is used for web sites but when you machine asks for a web site, it's not port 80 on your machine, it's a random port that windows gives it, It's port 80 on the web server. Open a web page and then run netstat -an and you see what I mean. |
Re: How to identify application ports
"Gerard O'Neill" <goneill@aapt.net.au> wrote:
> I'm a security novice. I want to configure the firewall on my home router > to block all unnecessary ports. How can I identify the ports that various > application that I am running (which require internet access) are using, > so that I can ensure that I allow to access to those ports? I cannot answer your question, and I am not an expert on firewalls, but I suspect that your question needs to be accompanied by some more details: what kind of computer; which operating system; which firewall; what you have tried doing already (and what happened); which applications you are running (or you want to run), if you know; any specific threats you are concerned with (if any); briefly, your own background and knowledge. -- Nick Roberts |
Re: How to identify application ports
Gerard O'Neill wrote:
> Hi all, > > I'm a security novice. I want to configure the firewall on my home router > to block all unnecessary ports. How can I identify the ports that various > application that I am running (which require internet access) are using, so > that I can ensure that I allow to access to those ports? > > Thanks. > > Try the site below. It is great for identifiying ports from name or number. It might help. http://ports.tantalo.net/index.php?lng=en |
Re: How to identify application ports
Gerard O'Neill wrote:
> Hi all, > > I'm a security novice. I want to configure the firewall on my home router > to block all unnecessary ports. How can I identify the ports that various > application that I am running (which require internet access) are using, so > that I can ensure that I allow to access to those ports? Simple. 1. Block everything in and out. 2. Find out what doesn't work any more. 3. Find out what ports the broken apps in step 2 need open. 4. Use what you discovered in step 3 to configure your firewall/router. |
Re: How to identify application ports
In article <cthgh5$fc5$1@news-02.connect.com.au>, Gerard O'Neill wrote:
> I'm a security novice. I want to configure the firewall on my home router > to block all unnecessary ports. How can I identify the ports that various > application that I am running (which require internet access) are using, > so that I can ensure that I allow to access to those ports? For a firewall, there are three very simple rules you should be following when trying to configure them: #1 - If you don't know what it is, block it, and see if anything breaks. #2 - If while denying the connection, nothing breaks, then you didn't need that. #3 - If the firewall appears to have 'broken' some function or service, look in the logs, and identify the specific problem. What specifically is being rejected? Then figure the smallest hole that will fix that problem. This may mean allowing connections to 'this' port, from 'that' IP address. Remember that word - you are opening a _hole_ in your defenses. A good rule of thumb is that you should disallow everything, rather than just rule 1. It is of little use to have blocked port $FOO, when an entire _army_ of bad stuff is coming in through the other 65,000+ ports that you left open to the world. This is especially true for the home user, or the inexperienced. Then you can follow rules 2 and 3 to resolve any problem that may develop. "Block everything by default, and allow needed items" is a lot safer than attempting to block specific items while allowing everything else. What you don't know (or block) _can_ hurt you. Old guy |
| All times are GMT. The time now is 03:17 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.