Are ports above 1024 closed by default ?

Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Are ports above 1024 closed by default ?
# 1  
Old 10-30-2008
Are ports above 1024 closed by default ?

Hi guys,

Just needed to know if all the ports above 1024 are closed by default. I know that below 1024 the ports are reserved for the kernel and ports above 1024 are reserved for user applications.

But by default, if I do not have a rule in my firewall to block ports above 1024, Will my system accept incoming or outgoing traffic?. (I think outgoing YES).

I am running CentOS 4.x

Thanks for reading !!
# 2  
Old 10-30-2008
RFC 1700 does not seem to think the way you do about ports -

Do you not have a default action for ports? Maybe your filrewall has one builtin.
# 3  
Old 10-30-2008
I have the following rule in my firewall to deny all ports which we do not need upto 1024.

-A INPUT -p udp --dport 0:1024 -j REJECT
-A INPUT -p tcp --dport 0:1024 -j REJECT

Do I need to have a rule to deny all port above 1024 ? Or are they blocked by default ?

# 4  
Old 10-31-2008
Nothing is blocked by default.

To see what processes are listening on what ports, use netstat, eg for a telephony server @ my shop:

[root@server ~]# netstat -tlnp | head -5
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      PID/Program name
tcp        0      0       *                   LISTEN      30962/snmpd
tcp        0      0      *                   LISTEN      6051/java
tcp        0      0      *                   LISTEN      6051/java
[root@server ~]# netstat -ulnp | head -5
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      PID/Program name
udp        0      0     *      6123/asterisk
udp        0      0     *      6123/asterisk
udp        0      0       *      30962/snmpd
[root@server ~]#

As you can see, this is listening on ports over 1024. There are many other things to notice. 'man netstat' for more options.

This is much more important than your firewall. Turn off all but unneccessary services. For instance, I betcha that "cupsd" is running. You don't want that unless the box in question is a printserver, listening on the IP associated w/the configured interface.

As to your firewall, you're going about the whole thing the wrong way. You want to DROP packets by default, then add your allow rules. To this end, this is typically found at the beginning of a firewall script / config file:


BTW, "DROP" is pref'd over "REJECT". REJECT returns a "nobody home". DROP drops the packets silently. Suggest you man iptables. Google the "Unreliable Guides" by the module's author. Also, there are many sample firewalls out there.

# 5  
Old 10-31-2008
Thanks nobo !
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. IP Networking

Debian ports reporting closed. Refused connection

Hey guys, I'm having trouble with checking what ports are open on my Debian distro, which is reporting all ports closed, though they are clearly open I am checking to see if ports are open with netcat: nc 80 localhost 80 (http) : Connection refusedAs an example but on all ports... (0 Replies)
Discussion started by: 3therk1ll
0 Replies

2. Solaris

SYN_SENT does not receive reset from closed ports

Dear all, I have a Solaris 10 system with a bunch of zones on it. My issue is the following: - I have application A and B running in the same zone: i.e. they communicate via loopback interface. Application A tries to connect to application B, usually listening on port X. If application B... (6 Replies)
Discussion started by: pierolinux
6 Replies

3. Shell Programming and Scripting

1024 field issue : awk

Hi i have a txt file in which i do a awk operation with ":" as field separator A B C D ABC::2386.13:2386.13:3248234281995::+DPY:INT:3:N::::2:200.00:0.00:2010-05-12:CA: ::2:N::N:PH:00010031:0001+DPY:BAL:3:N::::3:1601.01:0.00:2010-05-12:XT::2:N:MR ... (1 Reply)
Discussion started by: mad_man12
1 Replies

4. UNIX for Dummies Questions & Answers

RSA 1024

How to generate RSA 1024 public key?? Pls help (3 Replies)
Discussion started by: kdtrica
3 Replies

5. Red Hat

ssh_host_rsa_key 1024 bit?

Hi All, How do I know if ssh_host_rsa_key is 1024 bit? cat /etc/ssh/ssh_host_rsa_key | wc -m 887 It's only 887. Is that it? Or not? Thank you for any comment you may add. (2 Replies)
Discussion started by: itik
2 Replies

6. UNIX for Dummies Questions & Answers

ssh_exchange_identification: Connection closed by remote host Connection closed

Hi Everyone, Good day. Scenario: 2 unix servers -- A (SunOS) and B (AIX) I have an ftp script to sftp 30 files from A to B which happen almost instantaneously i.e 30 sftp's happen at the same time. Some of these sftp's fail with the following error: ssh_exchange_identification: Connection... (1 Reply)
Discussion started by: jeevan_fimare
1 Replies

7. UNIX for Dummies Questions & Answers

Closed ports

Hello I need to close some ports on a box Solaris 8, which command I need to use. Thanks for your replies (2 Replies)
Discussion started by: lo-lp-kl
2 Replies

8. Cybersecurity

Allowing access to ports < 1024 w/o root

I need to set up an application to run in a script which will be running as a web server but is a database. I need to allow users to use the web server but the app must be run as root in order for the ports to be accessible. This is not a very secure environment would like to know how this could... (2 Replies)
Discussion started by: rpollard
2 Replies
Login or Register to Ask a Question

Featured Tech Videos