
Can I block these ports without any trouble?



#1 Pajajn


Posted 13 June 2022 - 08:48 AM

In my firewall these ports are "open" or "listen"

Do I need all of those in my environment?

*Home network PC
*Gaming with Steam service
*Firefox - normal daily browser

Process |      Service |      Protocol |  Local port | Local address |  Remote port | Remote address |      State

ports.png

Best regards
 


Edited by Pajajn, 13 June 2022 - 08:49 AM.



 


#2 0lds0d


Posted 13 June 2022 - 11:23 AM

Open and listen are all in the localhost (0.0.0.0 and 127.0.0.1 and ::1 and ::) or loopback. See https://en.wikipedia.org/wiki/Localhost. So this is very normal and much needed for computer functionality. Do not block (Windows Firewall does not block localhost by default configuration). These IPs are not internet connected by any means and are just used for the computer itself. And these ports are very much needed, so do not block.

 

169.254.x.x is an address given by the computer itself when the DHCP server (router or gateway) cannot be contacted and the computer therefore could not get a proper IP address. https://www.quora.com/What-would-the-IP-address-169-254-x-x-signify


Edited by 0lds0d, 13 June 2022 - 11:35 AM.

Proverbs 14:29
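When reading a listener table in the column layout from the question, the local address column shows which interfaces a socket accepts connections on: loopback addresses (127.0.0.0/8, ::1) are reachable only from the same machine, while the unspecified addresses 0.0.0.0 and :: mean the socket is bound on every interface. The following is an added example, not code from any poster in this thread; the sample rows are constructed (not read from ports.png) and the function names are illustrative.

```python
import ipaddress

# Constructed sample rows in the column layout from the question
# (Process | Service | Protocol | Local port | Local address |
#  Remote port | Remote address | State). Not taken from ports.png.
SAMPLE = """\
svchost.exe | RpcSs | TCP | 135 | 0.0.0.0 | 0 | 0.0.0.0 | LISTEN
System | | TCP | 445 | :: | 0 | :: | LISTEN
steam.exe | | TCP | 27060 | 127.0.0.1 | 0 | 0.0.0.0 | LISTEN
System | | TCP | 139 | 169.254.10.20 | 0 | 0.0.0.0 | LISTEN
System | | TCP | 139 | 192.168.1.50 | 0 | 0.0.0.0 | LISTEN
firefox.exe | | TCP | 50112 | 192.168.1.50 | 443 | 203.0.113.7 | ESTABLISHED
"""

def bind_scope(addr: str) -> str:
    """Say which interfaces a socket bound to this local address uses."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:             # 127.0.0.0/8 or ::1
        return "loopback only"
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "all interfaces"
    if ip.is_link_local:           # 169.254.0.0/16 or fe80::/10
        return "link-local interface"
    return "single interface"

def listening(table: str):
    """Return (process, proto, port, scope) for each LISTEN row."""
    out = []
    for line in table.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) != 8 or cols[7].upper() not in ("LISTEN", "LISTENING"):
            continue               # skip malformed rows and non-listeners
        process, _service, proto, lport, laddr = cols[:5]
        out.append((process, proto, int(lport), bind_scope(laddr)))
    return out

def needs_firewall_review(table: str):
    """Listeners that another host can reach unless the firewall blocks them."""
    return [r for r in listening(table) if r[3] != "loopback only"]

if __name__ == "__main__":
    for row in listening(SAMPLE):
        print("%-12s %s/%-5d %s" % row)
```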


#3 0lds0d


Posted 13 June 2022 - 11:46 AM

A list of ports... https://social.technet.microsoft.com/wiki/contents/articles/1772.windows-ports-protocols-and-system-services.aspx and these previously listed ports (as seen in your uploaded image) are all related to Windows processes and Windows services. Nothing nefarious or incorrect is happening.

A port/service list is seen in C:\Windows\System32\drivers\etc\services. Open this services file with Notepad to view it.


Proverbs 14:29


#4 Trihexagonal


Posted 04 August 2022 - 09:22 PM

> In my firewall these ports are "open" or "listen"
>
> Do I need all of those in my environment?
>
> *Home network PC
> *Gaming with Steam service
> *Firefox - normal daily browser
>
> Process | Service | Protocol | Local port | Local address | Remote port | Remote address | State
>
> ports.png
>
> Best regards

You don't need to make exceptions for any of them in your firewall ruleset.

 

This is the pf ruleset I'm using on the machine I'm posting from and everything works as it should:

### Macro name for external interface
ext_if = "em0"
netbios_tcp = "{ 22, 23, 25, 80, 110, 111, 123, 512, 513, 514, 515, 6000, 6010, 8000, 8080 }"
netbios_udp = "{ 123, 512, 513, 514, 515, 5353, 6000, 6010 }"

### Default deny everything
block log all

### Pass loopback
set skip on lo0

### Block spooks
antispoof for lo0
antispoof for $ext_if inet
block in from no-route to any
block in from urpf-failed to any
block in quick on $ext_if from any to 255.255.255.255
block in log quick on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 } to any

### Block all IPv6
block in quick inet6 all
block out quick inet6 all

### Block to and from port 0
block quick proto { tcp, udp } from any port = 0 to any
block quick proto { tcp, udp } from any to any port = 0

### Block specific ports
block in quick log on $ext_if proto tcp from any to any port $netbios_tcp
block in quick log on $ext_if proto udp from any to any port $netbios_udp

### Keep and modulate state of outbound tcp, udp and icmp traffic
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state

https://demonica.trihexagonal.org/

 

When Darkness takes everything, embrace what Darkness Brings.

 

 




