Re: Internet ingress port-blocking

[Brian Epstein <bepstein () IAS EDU>]

Brian,

We default block all and then allow only ports to specific hosts on a
need by need basis.

From a routing point of view, we do block RFC1918 and multicast inbound.

Outbound is a different story.  At this point, we only block two
services outbound, port 25 for smtp and udp/tcp port 53 for DNS.  We
want to ensure our users are going through our protected servers for
these services.

Thanks,
Brian

On 08/17/2017 11:53 AM, Brian Helman wrote:
> We are reviewing the rulesets  on our ingress routers from the
> Internet.  I’d like to ask what general ports/applications/services/etc
> are people blocking?  I’m not talking about specific DDoS hosts/subnets
> or the like, just general practice (e.g blocking RFC 1918 addresses
> coming from the Internet).
>
>  
>
> Thanks,
>
> Brian
>
>  
>
> (x-posting to the NETMAN list as well)
>
>  
>
>  
>
> ____________________________________
> *Brian Helman, M.Ed *|*  Director, ITS/Networking Services |
> *(:*978.542.7272*
>
> *Salem State University, 352 Lafayette St., Salem Massachusetts 01970*
>
> *GPS: 42.502129, -70.894779*
>
>  



-- 
Brian Epstein <bepstein () ias edu>                     +1 609-734-8179
Manager, Network and Security           Institute for Advanced Study
Key fingerprint = A6F3 9F5A 26C5 5847 79ED  C34C C0E5 244A 55CA 2B78

Attachment: signature.asc
Description: OpenPGP digital signature