Wednesday, January 1, 2003

Common port and service block list

Protocol   Port          Service                              Comment
TCP        21            FTP                                  Block incoming unless you run an FTP server
TCP        25            SMTP                                 Block incoming, or route only to your mail server
TCP/UDP    53            DNS                                  Block incoming, or route only to your DNS server
TCP/UDP    67, 68        DHCP                                 Block incoming and outgoing
TCP/UDP    69            TFTP                                 Highly recommended for internal use only. * **
TCP        80            WWW, HTTP                            Block incoming, or route only to your web server
TCP/UDP    88            Kerberos                             Domain service; block incoming
TCP        135           RPC/DCE endpoint mapper              Highly recommended for internal use only. * **
UDP        137           NetBIOS name service                 Highly recommended for internal use only. * **
UDP        138           NetBIOS datagram service             Highly recommended for internal use only. * **
TCP        139           NetBIOS session service              Highly recommended for internal use only. * **
TCP/UDP    389           LDAP                                 Directory service; block incoming
TCP        443           HTTP over SSL/TLS                    Block incoming unless your web server actually serves HTTPS; otherwise route only to that server
TCP/UDP    445           Microsoft SMB/CIFS                   ADMINISTRATION PORT! BLOCK THIS!
TCP/UDP    464           Kerberos kpasswd (password change)   Domain service; block incoming
UDP        500           Internet Key Exchange, IKE (IPsec)   Block this unless you accept VPN connections from outside
TCP        593           HTTP RPC endpoint mapper             **
TCP        636           LDAP over SSL/TLS                    Directory service; block incoming
TCP/UDP    1433, 1434    MS SQL Server                        1433 is the database listener, 1434/UDP the instance-discovery service that scanners use to find servers; block incoming
TCP        3268          AD global catalog                    ADMINISTRATION PORT! BLOCK THIS!
TCP        3269          AD global catalog over SSL           ADMINISTRATION PORT! BLOCK THIS!
TCP        3389          Windows Terminal Server (RDP)        Highly recommended for internal use only. *
TCP/UDP    17027         AdBots (adware)                      Block outgoing on this port
TCP/UDP    31337         (trojan)                             Commonly used trojan/backdoor port, e.g. Back Orifice; block incoming and outgoing
TCP        31789, 31790  (trojan)                             Commonly used RAT trojan ports; block incoming and outgoing
* "Internal use only" services were never designed to be reachable across the Internet and are therefore highly insecure when exposed; do not let them be reached from outside.
** These ports are used by MS Blaster and similar worms: the RPC ports (135, 139, 593 and the NetBIOS ports) are the exploit path, and TFTP (69) is how Blaster fetched its payload onto an infected host.
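The list above as a Linux border-router firewall script, added here as an example and not part of the original post. It assumes iptables on the router, an internet-facing interface named in WAN (default eth0), and three hypothetical internal addresses, WEB_SERVER, MAIL_SERVER and DNS_SERVER: when one is set, inbound traffic for that service is forwarded to it ("route to your X server"); when it is unset the port is simply blocked. IPT defaults to "echo iptables", so running the script prints the rules for review; run it as root with IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example (not from the original post): iptables rules implementing the
# block list above. WAN, WEB_SERVER, MAIL_SERVER and DNS_SERVER are assumed
# values for your own network; IPT defaults to a dry run that prints the rules.

IPT="${IPT:-echo iptables}"
WAN="${WAN:-eth0}"
WEB_SERVER="${WEB_SERVER:-}"
MAIL_SERVER="${MAIL_SERVER:-}"
DNS_SERVER="${DNS_SERVER:-}"

# Drop traffic arriving from the WAN for a port (or a:b range), whether it is
# addressed to the router itself (INPUT) or forwarded inward (FORWARD).
block_in() {
    $IPT -A INPUT   -i "$WAN" -p "$1" --dport "$2" -j DROP
    $IPT -A FORWARD -i "$WAN" -p "$1" --dport "$2" -j DROP
}

# Drop traffic leaving towards the WAN on a port, from the router or forwarded.
block_out() {
    $IPT -A OUTPUT  -o "$WAN" -p "$1" --dport "$2" -j DROP
    $IPT -A FORWARD -o "$WAN" -p "$1" --dport "$2" -j DROP
}

# "Block incoming or route to your X server": DNAT inbound connections to the
# configured server and allow them through; with no server configured, block.
route_or_block() {   # args: proto port server
    if [ -n "$3" ]; then
        $IPT -t nat -A PREROUTING -i "$WAN" -p "$1" --dport "$2" -j DNAT --to-destination "$3"
        $IPT -A FORWARD -i "$WAN" -p "$1" -d "$3" --dport "$2" -j ACCEPT
    else
        block_in "$1" "$2"
    fi
}

# Apply a rule function to TCP and UDP, for the "TCP/UDP" rows of the table.
both() { "$1" tcp "$2"; "$1" udp "$2"; }

gen_rules() {
    block_in tcp 21                               # FTP: no inbound unless you run a server
    route_or_block tcp 25  "$MAIL_SERVER"         # SMTP
    route_or_block tcp 53  "$DNS_SERVER"          # DNS
    route_or_block udp 53  "$DNS_SERVER"
    both block_in  67:68;  both block_out 67:68   # DHCP never crosses the border
    both block_in  69                             # TFTP (Blaster payload download)
    route_or_block tcp 80  "$WEB_SERVER"          # HTTP
    both block_in  88                             # Kerberos
    block_in tcp 135                              # RPC endpoint mapper (Blaster)
    block_in udp 137;  block_in udp 138;  block_in tcp 139   # NetBIOS
    both block_in  389                            # LDAP
    route_or_block tcp 443 "$WEB_SERVER"          # HTTPS, only if the web server serves it
    both block_in  445                            # SMB/CIFS
    both block_in  464                            # Kerberos kpasswd
    block_in udp 500                              # IKE: open only for outside VPN peers
    block_in tcp 593                              # RPC over HTTP
    block_in tcp 636                              # LDAPS
    both block_in  1433:1434                      # MS SQL listener and discovery service
    block_in tcp 3268;  block_in tcp 3269         # AD global catalog
    block_in tcp 3389                             # Terminal Server / RDP
    both block_out 17027                          # adware beacon, outbound only
    both block_in 31337;  both block_out 31337    # Back Orifice
    block_in tcp 31789:31790; block_out tcp 31789:31790   # RAT trojans
}

gen_rules
```

The rules only add DROP and DNAT entries; they do not change the chains' default policies, so applying them to a router with a permissive default leaves everything not listed open. Verify the result from a host outside your network with nmap, which should report the blocked ports as filtered rather than open or closed, for example: nmap -sS -sU -p T:21,25,53,80,135,139,443,445,593,1433,3268,3269,3389,U:53,69,137,138,500,1434 your.public.address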