About Blocked Ports

You can block the ports that you know can be used to attack your network. The Firebox denies all traffic to blocked ports on all external interfaces. Blocking ports can protect your most sensitive services.

When you block a port, you override all of the rules in your policy definitions. To block a port, see Block a Port.

Default Blocked Ports

In the default configuration, the Firebox blocks some destination ports. You usually do not need to change this default configuration. TCP and UDP packets are blocked for these ports:

port 0

This port is always blocked by the Firebox. You cannot allow traffic on port 0 through the device.

port 1

The TCPmux service uses Port 1, but not frequently. You can block it to make it more difficult for tools that examine ports.

RPC portmapper (port 111)

The RPC Services use port 111 to find which ports a given RPC server uses. The RPC services are easy to attack through the Internet.

The portmapper frequently uses port 2049 for NFS. If you use NFS, make sure that NFS uses port 2049 on all your systems.

rlogin, rsh, rcp (ports 513, 514)

These services give remote access to other computers. They are a security risk and many attackers probe for these services.

X Window System (ports 6000-6005)

The X Window System (or X-Windows) client connection is not encrypted and is dangerous to use on the Internet.

NFS (port 2049)

NFS (Network File System) is a frequently used TCP/IP service where many users use the same files on a network. New versions have important authentication and security problems. To supply NFS on the Internet can be very dangerous.

X Font Server (port 7100)

Many versions of X Windows operate X Font Servers. The X Font Servers operate as the super-user on some hosts.

port 8000

This port is used for system management by many vendors and the vendor's software may contain vulnerabilities. Many web proxies also use this port as an alternate HTTP port. This port is also used for communication by some forms of malware.

If you must allow traffic through any of the default blocked ports to use the associated software applications, we recommend that you allow the traffic only through a VPN tunnel. You should also enable IPS on your policies for improved security.

See Also

About Ports

Block a Port

About Blocked Sites