From: Jens Hektor (hektorRZ.RWTH-Aachen.DE)
Date: Sat Jun 02 2001 - 11:39:18 CDT
> 1-19 I/O (there isn't any reason why a user should be using these ports)
> 61/62 I (there isn't any reason why someone should be query *any* of our
> devices via SNMP)
Should read 161/162.
> 111 I/O (talk about hack me please...)
> 135-139 I/O (no reason to allow this. too much info can be gathered with
> NO log entry on the queried box. most are misconfigured and allow access
> to way too much)
> 53 where possible (few client nodes should be queried for DNS. Most of
> our users are basic dialups. Some DSL, very little business DSL or leased
> line. Those people plus our own DNS servers need to be allowed for.)
> netbus/BO ports (let's halt the problem before it starts)
I think this is good practice.
Additionally I would suggest tftp/bootps.
> I've seriously been thinking about blocking connections TO port 25 on our
> client (non-business) nodes. We'd still allow them to use any SMTP server
Establish a virus-scanning relay and most of them will be happy.
--
Jens Hektor, RWTH Aachen, Rechenzentrum, Seffenter Weg 23, 52074 Aachen
Computing Center Technical University Aachen, network operation & security
mailto:hektorRZ.RWTH-Aachen.DE, Tel.: +49 241 80 4866
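The filter list discussed in this exchange, turned into a small policy model so the inbound/outbound distinction and the two exceptions (DNS only to our own servers and business nodes; outbound SMTP from client nodes only via the relay) can be checked against sample flows before touching a router. This is an added example, not code from either poster. The address plan (client pool, business range, infrastructure net, DNS servers, relay) is constructed; the SNMP ports are 161/162 as corrected in the reply; the NetBus (12345/12346 tcp), Back Orifice (31337 udp), bootps (67 udp) and tftp (69 udp) numbers are those services' well-known defaults, which the posts name only by service.

```python
"""Policy model of the border filters proposed in the thread (added example).

Addresses below are a constructed assumption; the port list follows the
posts, with SNMP taken as 161/162 per the correction.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan (assumption): dialup/DSL client pool, business
# customers, and infrastructure holding our DNS servers and the relay.
CLIENT_NET = ip_network("10.10.0.0/16")
BUSINESS_NET = ip_network("10.20.0.0/24")
INFRA_NET = ip_network("10.0.0.0/24")
INSIDE = (CLIENT_NET, BUSINESS_NET, INFRA_NET)
OWN_DNS = {ip_address("10.0.0.53"), ip_address("10.0.0.54")}
SMTP_RELAY = ip_address("10.0.0.25")   # virus-scanning relay (assumed)

# Static blocks: (label, protocols, inclusive port range, directions).
# "I" = from outside into our nets, "O" = from our nets to outside.
STATIC_BLOCKS = [
    ("low ports",         ("tcp", "udp"), (1, 19),         "IO"),
    ("snmp",              ("udp",),       (161, 162),      "I"),
    ("sunrpc/portmapper", ("tcp", "udp"), (111, 111),      "IO"),
    ("netbios/ms-rpc",    ("tcp", "udp"), (135, 139),      "IO"),
    ("netbus",            ("tcp",),       (12345, 12346),  "IO"),
    ("back orifice",      ("udp",),       (31337, 31337),  "IO"),
    ("bootps",            ("udp",),       (67, 67),        "I"),
    ("tftp",              ("udp",),       (69, 69),        "I"),
]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


def _inside(addr):
    a = ip_address(addr)
    return any(a in net for net in INSIDE)


def direction(flow):
    """'I' for outside->inside, 'O' for inside->outside, '' otherwise."""
    src_in, dst_in = _inside(flow.src), _inside(flow.dst)
    if dst_in and not src_in:
        return "I"
    if src_in and not dst_in:
        return "O"
    return ""   # inside<->inside or pure transit: not this filter's job


def decide(flow):
    """Return ('DROP', reason) or ('ACCEPT', reason) for one flow."""
    d = direction(flow)
    if not d:
        return ("ACCEPT", "not crossing the border")
    for label, protos, (lo, hi), dirs in STATIC_BLOCKS:
        if d in dirs and flow.proto in protos and lo <= flow.dport <= hi:
            return ("DROP", label)
    # DNS: from outside, only our own servers and business nodes may be
    # queried; the client pool must not be.
    if d == "I" and flow.dport == 53:
        dst = ip_address(flow.dst)
        if dst in OWN_DNS or dst in BUSINESS_NET:
            return ("ACCEPT", "dns to server/business node")
        return ("DROP", "inbound dns to client node")
    # SMTP: client nodes may not reach outside port 25 directly. Traffic to
    # the relay stays inside our nets, so it never hits this rule.
    if (d == "O" and flow.proto == "tcp" and flow.dport == 25
            and ip_address(flow.src) in CLIENT_NET):
        return ("DROP", "direct outbound smtp from client; use relay")
    return ("ACCEPT", "default")


def iptables_rules(chain="FORWARD"):
    """Render the static blocks as iptables commands, matching direction by
    the inside address ranges (-d for inbound, -s for outbound)."""
    lines = []
    for label, protos, (lo, hi), dirs in STATIC_BLOCKS:
        ports = str(lo) if lo == hi else f"{lo}:{hi}"
        for proto in protos:
            for net in INSIDE:
                if "I" in dirs:
                    lines.append(f"iptables -A {chain} -p {proto} -d {net} "
                                 f"--dport {ports} -j DROP  # {label} in")
                if "O" in dirs:
                    lines.append(f"iptables -A {chain} -p {proto} -s {net} "
                                 f"--dport {ports} -j DROP  # {label} out")
    return lines


if __name__ == "__main__":
    # Constructed sample flows: 192.0.2.0/24 and 198.51.100.0/24 are outside.
    samples = [
        Flow("192.0.2.10", "10.10.4.7", "udp", 161),     # SNMP poll of a client
        Flow("192.0.2.10", "10.10.4.7", "udp", 53),      # DNS query to a client
        Flow("192.0.2.10", "10.0.0.53", "udp", 53),      # DNS query to our server
        Flow("10.10.4.7", "198.51.100.25", "tcp", 25),   # client sending SMTP direct
        Flow("10.10.4.7", "10.0.0.25", "tcp", 25),       # client to our relay
        Flow("10.20.0.9", "198.51.100.25", "tcp", 25),   # business node SMTP
        Flow("10.10.4.7", "198.51.100.8", "tcp", 80),    # ordinary web traffic
    ]
    for f in samples:
        print(f"{f.src:>14} -> {f.dst:<14} {f.proto}/{f.dport:<5} {decide(f)}")
    print("\n".join(iptables_rules()))
```

The point of the model is the exceptions: a flat port list would also cut off queries to the ISP's own nameservers and mail from business customers, which is why the original poster carves those out. Note that tftp and bootps are blocked inbound only, so a client fetching a file from an outside tftp server still passes.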