DG834: What ports should I block?

[TheVoice]

Hi all,

I've had my Netgear DG834 router for a while now, but haven't really played around with its firewall and stuff like that much. I was wondering if anybody could tell me if there are any ports I should block as a precautionary measure, or anything like that?

Both systems on the network are running a software firewall so it's not too much of a problem, but I close ZoneAlarm when I'm doing online gaming, so it would be nice to at least have the dangerous ports closed anyway.

Thanks a lot for any help.

 

[Bentley]

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote"><i>Originally posted by TheVoice</i>
<br />Hi all,

I've had my Netgear DG834 router for a while now, but haven't really played around with its firewall and stuff like that much. I was wondering if anybody could tell me if there are any ports I should block as a precautionary measure, or anything like that?

Both systems on the network are running a software firewall so it's not too much of a problem, but I close ZoneAlarm when I'm doing online gaming, so it would be nice to at least have the dangerous ports closed anyway.

Thanks a lot for any help.
<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">

How about blocking everything except what you need? You will probably not need too many services to initiate connections from outside, since for most of what one wants to do, one initiates the connection from inside the firewall. Saves you the trouble of running and maintaining two software firewalls too.

 

[TheVoice]

Well that's the problem - I have absolutely no idea which ports do what, so I'm at a loss at to whiich ports I shoulc block and which I shouldn't.

Thanks.

 

[HillBilly]

Well for a start you'll want to keep these open:
80 & 443 for http & https (browser)
25 & 110 for SMTP & POP3 (mail)
53 for DNS lookups

pretty much everything else can be closed... thought if you use P2P or online gaming you'll need to check what ports they use and keep them open too.

 

[SnowWar]

Yep, the way to go about a firewall is to block everything and only allow the ports that you need. Try it and when you find that something is not working go search a bit on what ports that program uses.

If you go and block the following ports and tell it to always log them, you'll see just how many attacks we actually have on the ADSL network:


Sasser: 445, 9996, 5554
Blaster: 135
+ obviously the DOS attacks

 

[kaspaas]

Ports 137,138,139,445 and 901 are used by the "MS-windows file sharing" stuff.

I've found spyware which opens these ports from the inside to the outside.

So keep these ports blocked no matter what you do.

Best is to keep everything blocked and only open what you need as was mentioned elsewhere.



South Africa needs World Class Broadband at World Competitive Prices.

 

[warlock_za]

The D834 If I am not mistaken, has a built in firewall that blocks everything by default, ie nothing is allowed in (But everything is allowed out). I have the D834G, but I am not sure if it is the same as the D834. I havnt really found much value in blocking outgoing traffic, but then I dont click on silly attatchments, and I dont use outlook.

---
There is more than one way to skin a cat
&nbsp;&nbsp;&nbsp;But I still prefer the electric belt sander.

 

[joema]

well could you not get the info from ZoneAlarm - ie. the ports u use for your day-to-day activities - and allow these ports through the router from the inside out, blocking everything else?
For a list of registered ports goto IANA:

http://www.iana.org/assignments/port-numbers

Also is the firewall stateful or stateless?

 

[joema]

sorry found this:

http://www.netgear.com/products/details/DG834G.php?view=

States "True Firewall using Stateful Packet Inspection (SPI)", so u should be able to deny everything from the outside in and the firewall will allow return traffic - ie. web, dns, etc. - to dynamically be allowed through the router.

Let me know if this works, interested to find out if the SPI really is stateful.

 

[TheVoice]

Well the thing is, the DG834 router has preset specifics, you can't just type any port number in, you choose from a slection of a fair few, which is why I have no idea what to block and what to allow.

 

[joema]

looks like u are up s**t creek then.
only thing i can suggest is then allow all outbound traffic through on the router, and setup a gateway machine with ZoneAlarm, and use the gateway to filter the traffic.

So the router will then block the traffic coming in and the gateway will block the traffic going out, bit of a ballache, but thats the only solution I can think of - perhaps someone else has an idea?