Hi All,
There are known ports that we block incoming by default for all hosts on our networks.
I am wondering if I'm missing any, or if I'm supposed to.
I am typically blocking the following ports by default for all IP aggregations on inbound ACLs at the border gateway.
We are multihomed to four different ISPs.
tcp: 22, telnet, 135, 137, 138, 139, 445, 512, 513, 514, 515, 1433, 1434, 1512, 1645, 1646, 1812, 1813
and
udp: 22, tftp, rip, 135, netbios-dgm, netbios-ns, netbios-ss, snmp, snmptrap, 445, 512, 513, 514, 1433, 1434, 1512, 1645, 1646, 1812, 1813
Instead of doing this at the border router, is there something we can do as a community to set up a generic firewall that sits between our border gateway and our network to protect our users?
Is there a good cost-effective commercial appliance that will do this for us?
Appreciate any comments,
Regards,
Chan
FSMTC
Chan J Tallon
System Administrator (Data Services)
FSM Telecommunications Corporation
P: 691 320 2740
F: 691 320 2745
C: 691 920 2733
Hi Chan,
An ACL provides filtering by IP, TCP and UDP, so the only real difference between it and a firewall is that you may gain some deep packet inspection capabilities by using a dedicated firewall. Other than that, an ACL should provide sufficient firewalling capabilities on your network edge.
As for your current block list, I would granulate it a bit more by IP address if you haven't already.
For example, we currently block external SSH to subnets we've allocated for network equipment but allow it for all customer addresses. Some of our customers are required to use off-island support, and they usually ssh in directly.
-------------------------------------------------------
Aloiamoa Anesi, Jr.
Network Operations Engineer
Blue Sky Communications
478 Laufou Shopping Ctr
Pago Pago, American Samoa 96799
--
Ph: +1.684.699.2759 ext 1098
Cell: +1.684.258.1098
VoIP Business Hours: 1098@voip.bluesky.as
On Sep 13, 2007, at 3:11 AM, Chan J Tallon wrote:
--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
_______________________________________________
pacnog mailing list
pacnog@pacnog.org
http://mailman.apnic.net/mailman/listinfo/pacnog
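
The per-subnet SSH policy described in the reply above, modelled as a first-match inbound ACL. This is an added example, not part of either message or of any vendor's configuration syntax. The prefixes are constructed documentation ranges standing in for the equipment and customer subnets, and the rule layout and the `evaluate` and `shadowed_rules` helpers are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "any"
    dst: str              # destination prefix in CIDR form
    port: Optional[int]   # destination port, None means any port

# Constructed prefixes (documentation ranges), not real allocations.
MGMT_NET = "192.0.2.0/24"          # assumed: subnet holding network equipment
CUSTOMER_NET = "198.51.100.0/24"   # assumed: customer address space

# Inbound border ACL, read top-down; the first matching rule decides.
GRANULAR_ACL = [
    Rule("deny", "tcp", MGMT_NET, 22),        # no external SSH to equipment
    Rule("permit", "tcp", CUSTOMER_NET, 22),  # off-island support reaches customers
    Rule("deny", "tcp", "0.0.0.0/0", 22),     # assumed: SSH elsewhere stays blocked
    Rule("deny", "tcp", "0.0.0.0/0", 445),    # blanket block from the posted list
    Rule("permit", "any", "0.0.0.0/0", None),
]

def evaluate(acl, proto, dst_ip, dst_port):
    """Return (action, rule_index) of the first match; implicit deny if none."""
    addr = ipaddress.ip_address(dst_ip)
    for i, r in enumerate(acl):
        if r.proto not in ("any", proto):
            continue
        if addr not in ipaddress.ip_network(r.dst):
            continue
        if r.port is not None and r.port != dst_port:
            continue
        return r.action, i
    return "deny", None

def shadowed_rules(acl):
    """Indexes of rules an earlier, broader rule fully covers (never reached)."""
    hits = []
    for i, r in enumerate(acl):
        net = ipaddress.ip_network(r.dst)
        for e in acl[:i]:
            if (e.proto in ("any", r.proto)
                    and (e.port is None or e.port == r.port)
                    and net.subnet_of(ipaddress.ip_network(e.dst))):
                hits.append(i)
                break
    return hits
```

`shadowed_rules` catches the ordering mistake that defeats a granular policy: if the blanket SSH deny is placed above the customer permit, the permit is never evaluated.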