which ports & protocols are necessary?

Hi all,

Having noticed that Windows allows me to block ports that I don't want in use, via the TCP filtering feature in Network settings -> TCP -> properties -> advanced, I now desire to block those ports and protocols which I don't need. The question is which ones.

I use ftp, http, https, pop3, smtp, and dhcp. I periodically also use the Real player.

Using the handy dandy Dave's port list, it seems that I need the following (TCP) ports.

It's not clear to me when UDP is used by these services.

ftp : 20,21
http : 80
https : 443
pop3 : 110
smtp : 25

I'm not so sure about these:

dhcp : ???
real player : ???

Assuming that I can get a complete list, will this work?

Also, do I need to enable NetBIOS?


In article , Jose Maria Lopez Hernandez wrote:
:None of them use UDP, but don't forget the DNS service,
:that uses 53/udp and 53/tcp (this one only for zone transfers).

In theory, DNS is allowed to use TCP 53 at any time, even just for queries. Common practice is that for queries it starts with UDP 53 and only switches to TCP 53 for queries if the response had the "result was truncated" flag set.

DNS uses TCP 53 for zone transfers not because going TCP is special but because zone transfers are expected to require more than 512 bytes of data being returned -- thus if you are running a DNS server and you do not disallow random sites from attempting DNS transfers [thinking you are safe because you block TCP 53] then someone can start a zone transfer on UDP 53 and get back the first 1/2 KB worth.

I think I have also seen TCP 53 used internally for requests to update the name or IP mapping (Microsoft Windows XP systems request this by default even for systems with static IPs), but I would not swear to it.

Walter Roberson
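The UDP-first, TCP-on-truncation behaviour described above, shown as an added example (not part of the original thread or either poster's words). It is a self-contained simulation in Python that builds a constructed DNS response, applies the classic pre-EDNS0 512-byte UDP limit on the "server" side by setting the TC (truncated) flag, and has the "client" fall back to TCP 53 only when TC is set. The server-side truncation is simplified to "keep header and question, drop the answers"; real servers keep whole records that still fit. No sockets are opened; the TCP leg is represented by the 2-byte length prefix that TCP DNS uses. The name `example.test.` and the addresses are constructed sample values.

```python
import struct

# DNS header layout (RFC 1035 section 4.1.1): ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
HEADER = struct.Struct("!HHHHHH")
FLAG_QR = 0x8000          # message is a response
FLAG_TC = 0x0200          # response was truncated
UDP_PAYLOAD_LIMIT = 512   # classic (pre-EDNS0) maximum UDP DNS payload


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def skip_name(msg, off):
    """Return the offset just past the name starting at msg[off]."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0:          # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def build_response(txid, qname, addresses):
    """Constructed sample: a response carrying one A record per address."""
    header = HEADER.pack(txid, FLAG_QR, 1, len(addresses), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addresses:
        rdata = bytes(int(octet) for octet in addr.split("."))
        # NAME, TYPE=A, CLASS=IN, TTL=300, RDLENGTH=4, RDATA
        answers += encode_name(qname) + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return header + question + answers


def parse_header(msg):
    """Decode the 12-byte header; 'truncated' is the TC flag the client acts on."""
    txid, flags, qd, an, ns, ar = HEADER.unpack_from(msg, 0)
    return {"id": txid, "flags": flags, "qdcount": qd, "ancount": an,
            "truncated": bool(flags & FLAG_TC)}


def udp_server_reply(full_response):
    """Server side over UDP: if the full answer exceeds the UDP limit, send a
    cut-down message with TC set (simplified: header + question only)."""
    if len(full_response) <= UDP_PAYLOAD_LIMIT:
        return full_response
    txid, flags, qd, an, ns, ar = HEADER.unpack_from(full_response, 0)
    question_end = skip_name(full_response, HEADER.size) + 4   # name + QTYPE + QCLASS
    header = HEADER.pack(txid, flags | FLAG_TC, qd, 0, 0, 0)
    return header + full_response[HEADER.size:question_end]


def client_resolve(full_response):
    """Client side: try UDP 53 first; switch to TCP 53 only when TC is set.
    Returns (transport_used, message_received)."""
    udp_reply = udp_server_reply(full_response)
    if not parse_header(udp_reply)["truncated"]:
        return "udp", udp_reply
    # TCP DNS prefixes each message with a 2-byte length (RFC 1035 section 4.2.2)
    tcp_stream = struct.pack("!H", len(full_response)) + full_response
    (length,) = struct.unpack("!H", tcp_stream[:2])
    return "tcp", tcp_stream[2:2 + length]


if __name__ == "__main__":
    small = build_response(0x1234, "example.test.", ["10.0.0.1"])
    big = build_response(0x1234, "example.test.",
                         ["10.0.0.%d" % i for i in range(1, 41)])
    for label, msg in (("small", small), ("big", big)):
        transport, received = client_resolve(msg)
        print(label, len(msg), "bytes ->", transport,
              "ancount", parse_header(received)["ancount"])
```

The "big" response (40 A records, well over 512 bytes) is exactly the case the post describes: a UDP-only client gets a header with TC set and no answers, while a client that is allowed to reach TCP 53 retrieves the whole message. Blocking TCP 53 on a server therefore does not stop a requester from receiving whatever fits in the first UDP datagram.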

None of them use UDP, but don't forget the DNS service, that uses 53/udp and 53/tcp (this one only for zone transfers).

67/udp 68/udp

I think it's 7070/tcp 554/tcp 1090/tcp, but I have not tested well.

It should work.

Never let NetBIOS go in or out between your machine and the Internet. It's a big security problem if you do so. You have to stop it at the firewall.


Jose Maria Lopez Hernandez

This is very interesting, I've always thought that TCP was only used for zone transfers.


Jose Maria Lopez Hernandez

Or disable NetBIOS over TCP/IP. NetBIOS can run as the only protocol in the network (if you have the protocol installed). The danger is NetBIOS over TCP/IP, which has been vulnerable. Disable it, then there should not be any IP-NetBIOS traffic in the LAN.


Gerald Vogt