ISP Firewall Best Practices
Posted: Mon Oct 20, 2014 11:35 am
This has probably been covered but I couldn't find it on a search. ISPs are for providing service, not firewall protection, I get it; but I'm trying to put together some information on best practices for an ISP's firewall to prevent their users from participating in DDoS etc. traffic that will only generate network problems and solicit email to the abuse admin. Not looking for a comprehensive rule list on how to harden your router, but focusing more on filtering out users' malicious traffic without undue disruption to legitimate traffic. Here are a few things I have so far, please comment!
Block known-abuse IPs' traffic from SpamHaus, dshield, and OpenBL
http://joshaven.com/resources/tricks/mi ... ress-list/
Block ports:
Port      Proto     Service          Direction  Reason
*25       TCP       SMTP             Both       SMTP relays
*80       TCP       HTTP             Inbound    Web servers, worms
135       UDP       NetBIOS          Both       Net Send spam / pop-ups, worms
136-139   UDP, TCP  NetBIOS          Both       Worms, Network Neighborhood
445       TCP       MS-DS / NetBIOS  Both       Worms, Network Neighborhood
1433      TCP       MS-SQL           Inbound    Worms, Trojans
1434      UDP       MS-SQL           Inbound    Worms, SQL Slammer
1900      UDP       MS-DS / NetBIOS  Both       Worms, Network Neighborhood
* = Net admin's discretion
Drop invalid packets
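Here is how the list in the post above could be expressed as RouterOS firewall rules, since the linked address-list script targets MikroTik. This is an added example, not configuration from the original post or from the linked site; the interface names ether1-uplink (transit side) and ether2-cust (customer side), the relay address 192.0.2.10 and the single address-list entry 198.51.100.0/24 are assumptions made for illustration.

```routeros
# Added example, not from the original post. Assumed names:
#   ether1-uplink = upstream / transit interface
#   ether2-cust   = customer-facing interface
#   192.0.2.10    = the ISP's own outbound SMTP relay (example address)

/ip firewall address-list
# In production this list is filled from the SpamHaus/dshield/OpenBL feeds
# (see the linked script). One constructed entry so the rules have a match.
add list=abuse-blocklist address=198.51.100.0/24 comment="constructed example entry"

/ip firewall filter
# Invalid packets first, before any per-port rule
add chain=forward connection-state=invalid action=drop comment="Drop invalid packets"

# Known abuse IPs, both directions
add chain=forward src-address-list=abuse-blocklist action=drop comment="Abuse list, inbound"
add chain=forward dst-address-list=abuse-blocklist action=drop comment="Abuse list, outbound"

# *25/tcp SMTP, both directions, except traffic to the ISP's own relay
add chain=forward protocol=tcp dst-port=25 dst-address=!192.0.2.10 action=drop comment="SMTP relays"

# *80/tcp HTTP, inbound to customers only
add chain=forward in-interface=ether1-uplink out-interface=ether2-cust protocol=tcp dst-port=80 action=drop comment="Inbound web servers, worms"

# NetBIOS / MS-DS, both directions (UDP and TCP port sets as listed in the post)
add chain=forward protocol=udp dst-port=135,136-139,1900 action=drop comment="NetBIOS worms, Network Neighborhood (UDP)"
add chain=forward protocol=tcp dst-port=136-139,445 action=drop comment="NetBIOS/MS-DS worms, Network Neighborhood (TCP)"

# MS-SQL, inbound to customers only
add chain=forward in-interface=ether1-uplink out-interface=ether2-cust protocol=tcp dst-port=1433 action=drop comment="MS-SQL worms, trojans"
add chain=forward in-interface=ether1-uplink out-interface=ether2-cust protocol=udp dst-port=1434 action=drop comment="MS-SQL, SQL Slammer"
```

All rules sit in the forward chain, so they affect customer traffic passing through the router and not traffic to the router itself (that is the input chain, which this post deliberately does not cover). Rule order matters: connection-state=invalid and the address-list drops go before the port rules so the cheaper matches are evaluated first. Before enforcing the starred rules, the same matchers with action=log show which customers would be affected.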