You may need a very limited number of "dynamic ports"; generally speaking it would be something like 1024-5000, not all the way to 65535. That's leaving way too much room for trojans/backdoors to operate freely. If I were you, I'd spend time examining your services for their port requirements and allocate only those ranges of ports.

-----Original Message-----
From: listadmin@linuxsecurity.com [mailto:listadmin@linuxsecurity.com] On Behalf Of Martin Kacerovsky
Sent: Sunday, March 03, 2002 9:53 AM
To: security-discuss@linuxsecurity.com
Subject: new to list, question about firewalling ports over 1024

And here's my question (if somebody can explain it to me): how is it with ports over 1024? I've read it's secure to leave them open, but I think it will be more secure to close them :) So is it possible to choose exactly the ports I really need? For example, I am running sshd, ftpd, netbios-* and talkd, and with iptables I accept everything on ports over 1024, and below 1024 I refuse everything with exceptions on ports 21,22,...

TIA
--
Regards
Martin Kacerovsky, student of the Faculty of Mathematics and Physics at the Charles University in Prague, in the Czech Republic, in Europe, on Earth, in the Universe where Linux operating system rules...

------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
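
An added example, not part of either message above: a POSIX shell function that prints an iptables-restore ruleset opening only the listed ports, using connection-state matching for reply traffic instead of a blanket accept for ports above 1024. The service list is constructed from the services named in the question; the netbios and talk port numbers are the usual assignments and are assumptions here, as are the function names.

```shell
#!/bin/sh
# Constructed service list: "proto:port" or "proto:low-high".
# ftp, ssh, netbios name/datagram, netbios session, talk/ntalk.
SERVICES="tcp:21 tcp:22 udp:137-138 tcp:139 udp:517-518"
NL='
'

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print a complete ruleset, or nothing (exit status 1) if any entry is bad.
emit_ruleset() {
    rules=""
    for svc in "$@"; do
        proto=${svc%%:*}; range=${svc#*:}
        low=${range%%-*}; high=${range##*-}
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol: $svc" >&2; return 1 ;;
        esac
        valid_port "$low" && valid_port "$high" && [ "$low" -le "$high" ] ||
            { echo "bad port: $svc" >&2; return 1; }
        if [ "$low" -eq "$high" ]; then ports=$low; else ports="$low:$high"; fi
        if [ "$proto" = tcp ]; then
            # Only new connection attempts (SYN) to the listed port.
            rule="-A INPUT -p tcp --dport $ports --syn -m state --state NEW -j ACCEPT"
        else
            rule="-A INPUT -p udp --dport $ports -j ACCEPT"
        fi
        rules="$rules$rule$NL"
    done
    # Default-deny inbound. Replies to connections this host opened arrive on
    # high ports and are admitted by the state match, so no 1024:65535 rule.
    # FTP data connections count as RELATED only if the kernel's FTP
    # connection-tracking helper is in use (assumption about the host).
    printf '%s\n' "*filter" ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" \
        ":OUTPUT ACCEPT [0:0]" "-A INPUT -i lo -j ACCEPT" \
        "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    printf '%s' "$rules"
    echo "COMMIT"
}

# Word splitting of $SERVICES is intentional: one argument per service.
emit_ruleset $SERVICES
```

The output is text only; review it before loading it with iptables-restore as root.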