Setting up a new firewall, a bunch of port questions
Moderator Emeritus 
Join Date: Dec 2000
Location: College Park, MD
Status:
Offline
I'm setting up a new firewall, and I'm wondering what ports I should have blocked.
I'm looking for ports of well known hacking tools, and also things like p2p apps and the like.
Also, what ports do the IM protocols run on?
I'm almost tempted to run with a default reject policy, but I've got so many different things running and I don't want to have to keep track of them all (I've covered 2 sheets of paper planning, so far).
thx,
Scott
Senior User
Join Date: Jan 2001
Location: california
Status:
Offline
here are some IM ports:
AOL Instant Messenger: 5190
iChat AV: 5060
iChat AV Video: 16384-16403
iChat (Rendezvous): 5298
Senior User
Join Date: Feb 2001
Location: The Sunny Isle of Wight
Status:
Offline
Mac Elite
Join Date: May 1999
Location: San Jose, CA
Status:
Offline
Originally posted by Scotttheking:
I'm setting up a new firewall, and I'm wondering what ports I should have blocks at.
I'm looking for ports of well known hacking tools, and also things like p2p apps and the like.
Also, what ports do the IM protocols run on?
I'm almost tempted to run with a default reject policy, but I've got so many different things running and I don't want to have to keep track of them all (I've covered 2 sheets of paper planning, so far)
thx,
Scott
I think you're looking at this from the wrong direction.
Most firewalls are, by default, configured to block incoming connections, but allow all outgoing connections.
Therefore, sitting behind a firewall, you don't need to know, care, or even think about what port numbers you're connecting to on the outside world.
You only ever need to know if you want to allow *incoming* connections to your machine, and it's unlikely you'll be running an iChat/AIM server on your machine and need to allow external users to connect to it.
In the case of P2P services you're running on your machine, you'll need to open ports for that, but you do not need to worry about ports you are going to connect to on the outside world.
Gods don't kill people - people with Gods kill people.
Moderator Emeritus 
Join Date: Dec 2000
Location: College Park, MD
Status:
Offline
Originally posted by Camelot:
I think you're looking at this from the wrong direction.
Most firewalls are, by default, configured to block incoming connections, but allow all outgoing connections.
That is correct, for a normal home firewall device. It is not necessarily the case for a bridging firewall, or a router ACL.
Therefore, sitting behind a firewall, you don't need to know, care, or even think about what port numbers you're connecting to on the outside world.
If all you care about is what is coming in, that is true. If you also care about what is going out, that isn't.
You only ever need to know if you want to allow *incoming* connections to your machine, and it's unlikely you'll be running an iChat/AIM server on your machine and need to allow external users to connect to it.
True. However, it is useful for blocking outgoing, I hope.
In the case of P2P services you're running on your machine, you'll need to open ports for that, but you do not need to worry about ports you are going to connect to on the outside world.
I want to lock them out, and I don't have anything to do layer 7 filtering, yet. I'm hoping the new PIXen that will have layer 7 filtering won't cost too much.
I'd love to run a default reject firewall both ways, but it's too much work. Instead, I'm going to run default allow out, and lock out certain ports that have no reason to be coming in or going out.
BTW, my network is just a wee bit more complex than your normal home network, and it's also used for playing. I may post the full setup once I translate the paper into Omnigraffle, and strip out identifying info.
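An added example, not posted by anyone in this thread: the policy Scott settles on (default deny inbound, default allow outbound, a short list of ports blocked on the way out) written as a pf.conf ruleset, using the IM ports listed earlier in the thread. The interface name en0 and the inbound SSH exception are assumptions.

```conf
# Added example: pf.conf for "default allow out, block a short list of ports".
# Interface name (en0) is an assumption; the IM ports are the ones posted above.
ext_if = "en0"
im_tcp = "{ 5190, 5060, 5298 }"   # AIM, iChat AV signalling, iChat (Rendezvous)
im_video_udp = "16384:16403"      # iChat AV video range (inclusive)

set skip on lo0

# Egress blocks. 'quick' makes these win over the catch-all 'pass out' below,
# since pf otherwise uses last-matching-rule-wins.
block out log quick on $ext_if proto tcp from any to any port $im_tcp
block out log quick on $ext_if proto udp from any to any port $im_video_udp

# Default policy: nothing in, everything else out. 'keep state' lets the
# replies to outbound connections back in without an explicit inbound rule.
block in log on $ext_if all
pass out on $ext_if proto { tcp udp icmp } from any to any keep state

# Explicit inbound exceptions go here; SSH to this host is an assumed example.
pass in on $ext_if proto tcp from any to ($ext_if) port 22 flags S/SA keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it. Port-based egress blocks only catch clients on their default ports; one pointed at another port, or tunnelled over 80/443, passes the catch-all rule, which is the gap the layer 7 filtering mentioned above would close.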