June 27th, 2004, 03:40 PM

Thermodyne
Re: Firewall problem. Please Help

Here is a list of services/ports that I see most often. There are many more and I prolly forgot some. Check with the mgr/help forum and see what service and port(s) need to be open for each web activity you want to take part in. Then search the proto/port for known exploits. If it is an unsafe proto/port, then you get to decide if the risk is worth the gain.

Open

FTP tcp:20,21
http tcp:80
https tcp:443
ipsec_tunnel esp:0
DNS tcp/udp:53
ping icmp:0
pptp tcp:1723
pptp_tunnel gre:0
real-audio tcp:7070
smtp tcp:25
snmp tcp/udp:161
snmp-traps tcp/udp:162
telnet tcp:23
nntp tcp:119

open w/risk

aim tcp:5190
finger tcp:79
H.323 tcp:1720
icq udp:4000
irc tcp/udp:6667
MSN Messenger tcp:1863
news tcp:144


open only if needed

rpc tcp:593
rpc1 tcp/udp:135
rpc2 udp:137,138
rpc3 tcp/udp:445
bgp tcp:179
bootp udp:67,68
cu-seeme tcp/udp:7648,24032
nfs udp:2049
rgmd tcp:512
multicast igmp:0
rexec tcp:514
rlogin tcp:513
rtelnet tcp:107
rtsp tcp/udp:554
sftp tcp:115
sql-net tcp:1521
ssh tcp/udp:22
strmworks udp:1558
tacacs udp:49
tftp udp:69
vdolive tcp:7000
__________________
Think about it
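
As an added example (not part of Thermodyne's post): a small Python parser for the `name proto:port` list format used above, applied to sort a firewall allow-list into the post's three tiers so that anything outside "Open" gets reviewed. The embedded list is an excerpt copied from the post; the allow-list `RULES` and the function names are constructed for illustration.

```python
import re

# Excerpt of the post's list, copied as written (including "icq:" with its stray colon).
POST_LIST = """\
Open
http tcp:80
https tcp:443
DNS tcp/udp:53
ipsec_tunnel esp:0
open w/risk
icq: udp:4000
irc tcp/udp:6667
MSN Messenger tcp:1863
open only if needed
rpc1 tcp/udp:135
rpc2 udp:137,138
cu-seeme tcp/udp:7648,24032
tftp udp:69
"""

# name (may contain spaces), optional stray colon, then proto[/proto]:port[,port]
ENTRY = re.compile(r"^(?P<name>.+?):?\s+(?P<protos>[a-z/]+):(?P<ports>\d+(?:,\d+)*)$")

def parse_tiers(text):
    """Map (proto, port) -> (tier, service); a line without a proto:port spec starts a tier."""
    table, tier = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ENTRY.match(line)
        if not m:
            tier = line.lower()
            continue
        for proto in m["protos"].split("/"):
            for port in m["ports"].split(","):
                table[(proto, int(port))] = (tier, m["name"])
    return table

def audit(allow_rules, table):
    """Group a firewall allow-list by the post's tiers; unknown rules go under 'unlisted'."""
    report = {}
    for proto, port in allow_rules:
        tier, name = table.get((proto, port), ("unlisted", "?"))
        report.setdefault(tier, []).append(f"{name} {proto}:{port}")
    return report

# Constructed allow-list for a hypothetical host; not from the post.
RULES = [("tcp", 443), ("udp", 53), ("udp", 138), ("tcp", 6667), ("udp", 24032), ("tcp", 8080)]

if __name__ == "__main__":
    for tier, hits in audit(RULES, parse_tiers(POST_LIST)).items():
        print(f"{tier}: {', '.join(hits)}")
```

Rules that land under "unlisted" are the ones to research first, since the list gives no guidance for them.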