OT: Should these ports be open, on dsl router? Options

[swood]

21 FTP - we access, but don't support our own ftp server

23 Telnet - we do not use telnet

I swear we're getting infiltrated. Gotta button the ship up.

[bperry]

Ah, finally a topic i'm very familiar with...
Would help to know a bit more about your topology and if
this is for a home or business environment along with the
type of routing you are doing. Are you doing any sort of
NAT or NAPT?

Many small home routers such as Linksys do not allow you
seperately filter inbound/outbound ports so you have to be
careful and sometimes creative with what you filter because
their filtering capabilities are so limited.
Also, there is alot more than just HTTP, POP, & SMTP that
you are going to want to allow to have a working/functioning system
and a good WEB browsing experience.
(HTTPS, & DHCP immediately come to mind) There are other
things like instant messaging stuff, RealVideo/Audio etc....

The main thing is to block the nasty areas that are easily exploited
on Microsoft machines. The big one is multicast/broadcast protocols
such as NetBT which is microsloth's
NETBUI stuff slammed out in broadcast UDP packets.


If you can explain your environment and what your
are wanting to do in more detail, I'm sure we can fix you up.

But keep in mind that most viruses are spread due to microsofts
lack of any security in things like IE and Outlook and Outlook Express.

--- bill