Port Protocol Name Description
Originally Posted by Spykerv;14490767
Quick question but by any chance would you know which ports to close so someone doesn't remotely access my computer whilst I use it?
ie, my mouse moving or words/programs being typed/opened that I didn't do, and someone somewhere else is using?
I've got comodo firewall on, and my parents use ESET with the lowest access/highest security.
1
The TCP port multiplexer. Not very common. Cannot
accept some, reject others
7
UDP, TCP echo
An echo server; useful for seeing if a machine is alive.
A higher level equivalent of ICMP Echo (ping).
9
UDP, TCP discard
The /dev/null of the Internet. Harmless.
11
Occasionally (but rarely) connected to netstat, w, or ps.
If you do that sort of thing—and you shouldn’t—block
UDP, TCP daytime
The time of day, in human-readable form. Harmless.
15
Same as systat.
19
UDP, TCP chargen
A character stream generator. Some people like reading that sort of thing, and it won’t upset your system if
Data channel for FTP. Hard to filter
21
FTP control channel. Allow in only to your FTP server,
Telnet. Permit only to your login gateway.
25
TCP smtp Mail. Allow only to your incoming mail gateways, and
make sure those aren’t running sendmail.
37
UDP, TCP time
The time of day, in machine-readable form. Before
blocking it (and there’s no reason to), remember that
ICMP can provide the same data.
43
Allow in if you run a sanitized whois server; otherwise
UDP, TCP domain
Block TCP except from secondary servers. If you
want to hide your DNS information,
Block; it gives out too much information.
69
Dangerous but useful. Be careful if you allow it.
79
Allow in only if you run a sanitized finger server, and
only to it; block to all other destinations.
80
Also known as WWW. Dangerous but useful. Be careful
if you allow it.
87
Rarely used, except by hackers. A lovely port for an
The official Kerberos port. If you allow people to log
in to your site, whether directly or via interrealm authentication,
you have to open up this port; otherwise,
block it. Do the same for 750, the original
Kerberos port. Block 749 and 751, the current and
original Kerberos password changing ports. The ports
used for Kerberos-protected services are probably safe,
Rarely used except by hackers. Another lovely port for
Unless folks need to read their mail from outside, block
UDP, TCP sunrpc
Block, but remember that attackers can scan your port number space anyway.
113
Generally safe. If you block it, don’t send an ICMP
If you allow it in, use source and destination address
Safe if you use NTP’s own access controls.
144
TCP NeWS A window system. Block as you would X11.
Block, unless you monitor routers outside of your net.
For X11 logins. Block, of course.
Block. It could be useful with a variant rcp; as is, the
only thing that has ever used it is the Internet worm.
Besides, it doesn’t do any logging.
TCP login Shudder.
TCP shell Double shudder.
It doesn’t do any logging, either.
There have been reports of problems, and there’s rarely
a good reason for outsiders to use your printers. Block.
Block; it’s a buggy, dangerous service.
You shouldn’t get anything legitimate on this port;
Apart from security holes (and there are some), if this
is open, your logs can be attacked. Block.
Block; the actual protocol involves a conversation between
random TCP ports.
Block; don’t allow outsiders to play games with your
Historically a dangerous service, and mostly obsolete
on the Internet. Block.
1025
The usual port for the System V Release 3 listener.
An amazingly bad choice; if you have such machines,
either change the listener port (it’s a local option), or
be sure to block incoming calls only to this port; you’re
sure to have outgoing calls using it.
2000
Like X11. Block.
Block, and don’t think twice.
The System V listener. Like tcpmux, but with more
Block the entire range of X11 ports
Block. Internet Relay Chat may or may not be a security
risk per se (although there are a few dangerous
options in IRC clients), but some channels, at least,
attract the sort of network people who send out ICMP
Destination Unreachable messages