2008 Oct 18
Protocol | Port | Service name | Comment |
---|---|---|---|
TCP | 21 | FTP | If you use FTP, incoming only |
TCP | 25 | SMTP | Block incoming or route directly to your email server |
TCP/UDP | 53 | DNS | Block incoming or route to your DNS Server |
TCP/UDP | 67, 68 | DHCP | Block incoming and outgoing |
TCP/UDP | 69 | TFTP | Highly recommended for internal use only. * ** |
TCP | 80 | WWW, HTTP | Block incoming or route to your web server |
TCP/UDP | 88 | Kerberos | |
TCP | 135 | RPC/DCE Endpoint mapper | Highly recommended for internal use only. * ** |
UDP | 137 | NetBIOS Name Service | Highly recommended for internal use only. * ** |
UDP | 138 | NetBIOS Datagram Service | Highly recommended for internal use only. * ** |
TCP | 139 | NetBIOS Session Service | Highly recommended for internal use only. * ** |
TCP/UDP | 389 | LDAP | |
TCP | 443 | HTTP over SSL/TLS | Block this unless your web server is running SSL certs |
TCP/UDP | 445 | Microsoft SMB/CIFS | ADMINISTRATION PORT! BLOCK THIS! |
TCP/UDP | 464 | Kerberos kpasswd | |
UDP | 500 | Internet Key Exchange, IKE (IPSec) | Block this unless using VPN from outside. |
TCP | 593 | HTTP RPC Endpoint mapper | ** |
TCP | 636 | LDAP over SSL/TLS | |
TCP/UDP | 1433, 1434 | MS SQL Server | hosts data and local server scans |
TCP | 3268 | AD Global Catalog | ADMINISTRATION PORT! BLOCK THIS! |
TCP | 3269 | AD Global Catalog over SSL | ADMINISTRATION PORT! BLOCK THIS! |
TCP | 3389 | Windows Terminal Server | Highly recommended for internal use only. * |
TCP/UDP | 17027 | AdBots | Block outgoing on this port |
TCP/UDP | 31337 | (trojan) | Commonly used trojan/backdoor port, such as Back Orifice |
TCP | 31789, 31790 | (trojan) | Commonly used RAT trojan ports, block incoming and outgoing. |

* "Internal use only" services were never intended for use over the internet, and are therefore highly insecure.

** indicates these ports are used by MS Blaster and similar worms.