
Port Blocking

Poor system management is one of the main issues in virus attacks.  For example, a recent attack came in through port 445, and a lot of computers across corporate America had left this port open.  As a rule, you should not have any port open unless you know what it does.

Due to the ever-increasing number of virus incidents, network administrators and ISPs are starting to block network ports.  Blocking ports may help protect their users from being infected and from infecting other users. However, it can also lead to technical problems that prevent internet users from accessing network services such as mapping network drives, database access, special mailbox access, etc.

In response to the Blaster virus, a number of advisories recommended that network managers set up blockades against the Blaster port numbers (it actually used a few) to prevent its spread. This turned out to be a problem. The worm used these ports precisely because other software actively uses them. Thus, when the managers set up their blockades they did more than stop the spread of the worm: they stopped the flow of vital data and control communications.

Unfortunately, few organizations understand the relationship of their networked business applications to port numbers. Sure, it's easy enough for a network analyst to identify the ports used on the network. However, this is of marginal use. It just enables network managers to say to their business counterparts, "I'm blocking port 445, which runs on servers A and B. OK?" Frankly, few people - even the techies - understand what this means.

Those more deeply involved could modify their network applications to use different ports.  But could this be the real solution? Besides, doing so would require enormous effort, and all the worm would have to do is target the new ports. So, something more is required.

Here are some examples of the ports that are being blocked:

RESNET (Ohio State University) - Due to the rapidly spreading Phatbot virus that hit ResNet, the following additional ports have been blocked to prevent the virus from spreading further: 4387, 63808, 63809, 65506, 3410, 1025, 2745, and 6129. This is in addition to the already blocked ports 3127, 3128, 135, 137, 138, 139, and 445. The port blocks are effective on the Columbus, Newark, and Wooster campuses.

Cox High Speed Internet Network - Certain ports are filtered in order to protect our customers. We can protect them from certain common worms and protect them from running dangerous services on their computers that could allow intruders access.

  Port      Proto     Service         Direction   Reason
  25        TCP       SMTP                        SMTP relays
  80        TCP       HTTP            Inbound     Web servers, worms
  135       UDP       NetBIOS         Both        Net Send spam/pop-ups, worms
  135       TCP       NetBIOS         Incoming    Net Send spam/pop-ups, worms
  136-139   UDP, TCP  NetBIOS         Both        Worms, Network Neighborhood
  445       TCP       MS-DS/NetBIOS   Both        Worms, Network Neighborhood
  1433      TCP       MS-SQL          Inbound     Worms, Trojans
  1434      UDP       MS-SQL          Inbound     Worms, SQL Slammer
  1900      UDP       MS-DS/NetBIOS   Both        Worms, Network

Port Blocking at the University of Saskatchewan - To ensure a secure and reliable network, ports 135, 137-139 and 445 were blocked at the U of S campus border. The decision to block these ports was made in consultation with the IT Risk Management Committee and ITC. Port blocking will improve the security of the campus network; however, it may affect the tasks of some faculty and staff. If you have an off-campus computer that connects to on-campus Windows shares (e.g., the Windows "Map Network Drive" feature, directories, files, or printers) or log in to Windows boxes on campus from off campus, you will no longer be able to do this. You will need to use our Virtual Private Network (VPN) to securely access those files from your home (i.e., off-campus locations). Port blocking does not occur inside the University network, so there is no need to run the VPN on University-networked computers.

Purdue University ECN (Engineering Computer Network) Internet Security: Subnet Port Blocking - ECN has to block network ports 135, 137, 138, 139, 445 and 593 for off-campus traffic to all ECN subnets.

University of California (UCI) campus blockade of NetBIOS and other special ports.  Microsoft Windows NetBIOS and certain other well-known Microsoft Windows ports became unavailable from off campus. Certain ports are blocked at the UCI campus border to protect campus systems from common hostile scans and certain types of attacks and Internet worms. The decision to block these ports was made in consultation with UCI School Computing Coordinators.
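To make the border-only policy described in the Saskatchewan and Purdue entries concrete, here is an added Python example (not from this page or from either university) that models the NetBIOS/SMB block list, decides whether a given flow is dropped at the campus border, and renders the same policy as an nftables ruleset. The campus address range 10.0.0.0/8 and the table and chain names are constructed placeholders.

```python
import ipaddress

# Constructed placeholder for the campus address space (not from the page).
CAMPUS_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Border block list modelled on the U of S / Purdue entries: NetBIOS (135,
# 137-139) and SMB over MS-DS (445), filtered on both TCP and UDP.
BORDER_BLOCKS = {
    "tcp": [(135, 135), (137, 139), (445, 445)],
    "udp": [(135, 135), (137, 139), (445, 445)],
}


def on_campus(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CAMPUS_NETS)


def port_listed(proto, port):
    return any(lo <= port <= hi for lo, hi in BORDER_BLOCKS.get(proto, []))


def blocked_at_border(src, dst, proto, port):
    """True when the border filter drops this flow.

    The filter only sees traffic that crosses the border, so campus-to-campus
    traffic is never affected. An off-campus client reaching a campus host on
    a listed port is dropped (the 'map a drive from home' case in the text);
    campus-originated traffic to the outside is left alone.
    """
    crosses_border = on_campus(src) != on_campus(dst)
    return crosses_border and not on_campus(src) and port_listed(proto, port)


def nft_rules(chain="border_fwd"):
    """Render the policy as an nftables forward chain on the border router."""
    lines = ["table inet campus {", f"  chain {chain} {{",
             "    type filter hook forward priority 0; policy accept;"]
    for net in CAMPUS_NETS:  # on-campus sources are never filtered
        lines.append(f"    ip saddr {net} accept")
    for proto, ranges in BORDER_BLOCKS.items():
        spec = ", ".join(f"{lo}" if lo == hi else f"{lo}-{hi}" for lo, hi in ranges)
        lines.append(f"    {proto} dport {{ {spec} }} drop")
    lines += ["  }", "}"]
    return "\n".join(lines)
```

Running `print(nft_rules())` shows the rules; hosts outside 10.0.0.0/8 can still reach campus web or VPN ports, which is why the VPN workaround in the text keeps working.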
