| blocking ports where there are no services doesn't | do much True, but it can ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		pyre on May 2, 2013 \| parent \| context \| favorite \| on: Rack Attack: Protection from abusive clients `\| blocking ports where there are no services doesn't \| do much` True, but it can be a useful 'just in-case' against things listening on ports that you were unaware of. It's obviously bad for you not to know about services that are listening on your box, but you could view it as a safety net.

fduran on May 2, 2013 [–]

Agree, I also block all unused incoming ports as a safety net as you say.

oinksoft on May 2, 2013 | [–]

Probably easier to just use a whitelist policy, no?

fduran on May 3, 2013 | | [–]

Of course; implementation of the idea is whitelist: allow used ports default policy deny all

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact