Re: Allow all "high UDP" or not ?

From: Casey (Casey_at_nosuch.net)
Date: 11/17/04


Date: Wed, 17 Nov 2004 17:29:06 GMT

In article <8ef00a56.0411170332.63bb32a4@posting.google.com>, kolokol_2004@speedpost.net says...
> Hi,
>
> My firewall is McAfee Desktop Firewall.
>
> It has a rule named : "Allow all high UDP" (local for 1024-65535 and
> remote for 1204-65535). Please, what is this rule ? Is it safe to leave
> such a large range of UDP ports open ? I noticed that if I block all
> high UDP ports (or delete this rule), the network/internet is still
> working fine... so I do not understand what it is for...
>
> For better security settings, should I allow all "high UDP" or block
> them ?
>
> Thank you for help & comments...
>
> Mordicus
>
I have always understood that the best "rule-of-thumb" for
creating firewall rules is "Block Everything That You Don't
Use". Consequently, on my Win98 box, my UDP rule is:
UDP, Block, local/remote ports 1-52, 54-65535, in/out.
I needed UDP port 53 for DNS.
Works just fine.
Casey
p.s. I also apply this philosophy to ICMP types and TCP ports.


