«

Hi all,

I'm a security novice. I want to configure the firewall on my home router
to block all unnecessary ports. How can I identify the ports that various
application that I am running (which require internet access) are using, so
that I can ensure that I allow to access to those ports?

Thanks.

On Sun, 30 Jan 2005 13:24:22 +1100, "Gerard O'Neill"
<> wrote:

>Hi all,
>
>I'm a security novice. I want to configure the firewall on my home router
>to block all unnecessary ports. How can I identify the ports that various
>application that I am running (which require internet access) are using, so
>that I can ensure that I allow to access to those ports?
>
>Thanks.
>
#########################
I'm assuming that you are not running a server. If that's the case,
you should see what ports are opened on your machine(s). You didn't
mention what OS you are running, how many machines are behind the
router nor what router you have. Anyway, look at a
netstat -an output and see what ports are opened. If you don't know
how to read the output, let us know. You can also port scan your
network from the outside to see what shows there.

Don't forget the difference between a source port on the client
machine (that's yours) a destination port on the server. The server
could be a web server, telnet server, FTP, ssh and so on. For
example, port 80 is used for web sites but when you machine asks for a
web site, it's not port 80 on your machine, it's a random port that
windows gives it, It's port 80 on the web server. Open a web page and
then run netstat -an and you see what I mean.

"Gerard O'Neill" <> wrote:

> I'm a security novice. I want to configure the firewall on my home router
> to block all unnecessary ports. How can I identify the ports that various
> application that I am running (which require internet access) are using,
> so that I can ensure that I allow to access to those ports?

I cannot answer your question, and I am not an expert on firewalls, but I
suspect that your question needs to be accompanied by some more details:
what kind of computer; which operating system; which firewall; what you have
tried doing already (and what happened); which applications you are running
(or you want to run), if you know; any specific threats you are concerned
with (if any); briefly, your own background and knowledge.

--
Nick Roberts

Gerard O'Neill wrote:
> Hi all,
>
> I'm a security novice. I want to configure the firewall on my home router
> to block all unnecessary ports. How can I identify the ports that various
> application that I am running (which require internet access) are using, so
> that I can ensure that I allow to access to those ports?
>
> Thanks.
>
>
Try the site below. It is great for identifiying ports from name or
number. It might help.

http://ports.tantalo.net/index.php?lng=en

Gerard O'Neill wrote:

> Hi all,
>
> I'm a security novice. I want to configure the firewall on my home router
> to block all unnecessary ports. How can I identify the ports that various
> application that I am running (which require internet access) are using, so
> that I can ensure that I allow to access to those ports?

Simple.
1. Block everything in and out.
2. Find out what doesn't work any more.
3. Find out what ports the broken apps in step 2 need open.
4. Use what you discovered in step 3 to configure your firewall/router.

In article <cthgh5$fc5$>, Gerard O'Neill wrote:

> I'm a security novice. I want to configure the firewall on my home router
> to block all unnecessary ports. How can I identify the ports that various
> application that I am running (which require internet access) are using,
> so that I can ensure that I allow to access to those ports?

For a firewall, there are three very simple rules you should be following
when trying to configure them:

#1 - If you don't know what it is, block it, and see if anything breaks.

#2 - If while denying the connection, nothing breaks, then you didn't need
that.

#3 - If the firewall appears to have 'broken' some function or service,
look in the logs, and identify the specific problem. What specifically is
being rejected? Then figure the smallest hole that will fix that problem.
This may mean allowing connections to 'this' port, from 'that' IP address.
Remember that word - you are opening a _hole_ in your defenses.

A good rule of thumb is that you should disallow everything, rather than
just rule 1. It is of little use to have blocked port $FOO, when an entire
_army_ of bad stuff is coming in through the other 65,000+ ports that you
left open to the world. This is especially true for the home user, or the
inexperienced. Then you can follow rules 2 and 3 to resolve any problem that
may develop. "Block everything by default, and allow needed items" is a lot
safer than attempting to block specific items while allowing everything
else. What you don't know (or block) _can_ hurt you.

Old guy