Quote:
Suicide Junkie said:
1) You mean block *all* ports? That's the only way it's gonna happen.
|
[Sarcasm] Don't be silly. It may be possible to allow some ports from trusted sources. So, you could still bask in the glory of port 53 or port 137, so long as you stick with approved servers. There are probably a few other such services, where all traffic can be routed to a few, trusted servers.
Yeah, so perhaps you will lose access to a handful of ports. Well, it's not as if they were actually important. I mean, who uses port 25, port 80 or port 110? And don't start complaining about ports 22 and 23: only crackers and hackers (them are the same exact thing) have any use for them. [/Sarcasm]
Yup, ain't gonna happen, unless you really want to be stuck with DNS, NTP and their ilk (in a best case scenario; closing down everything ought to be faster and easier). And you should really close down port 80 to begin with: it's probably the one most used for downloads of all sorts. It also happens to be used by the HTTP protocol, but hey, who cares about that? Well, perhaps you would.
