大家谈谈有那些需要deny 的端口?
我这里最新封掉的端口如下(以华为设备为例),大家觉得那些是不必要的,或者有什么需要新加的
rule 1 deny tcp destination-port eq 4444
rule 2 deny udp destination-port eq 593
rule 3 deny udp destination-port eq tftp
rule 4 deny udp destination-port eq 1434
rule 5 deny tcp destination-port eq 10080
rule 6 deny tcp destination-port eq 135
rule 7 deny udp destination-port eq 5554
rule 8 deny tcp destination-port eq 455
rule 9 deny udp destination-port eq 135
rule 10 deny udp destination-port eq 9995
rule 11 deny udp destination-port eq 455
rule 12 deny tcp destination-port eq 139
rule 13 deny udp destination-port eq 9996
rule 14 deny tcp destination-port eq 3208
rule 15 deny udp destination-port eq netbios-ssn
rule 16 deny udp destination-port eq netbios-ns
rule 17 deny tcp destination-port eq 1871
rule 18 deny tcp destination-port eq 445
rule 19 deny udp destination-port eq netbios-dgm
rule 20 deny tcp destination-port eq 4510
rule 21 deny udp destination-port eq 445
rule 22 deny tcp destination-port eq 1068
rule 23 deny udp destination-port eq 4334
rule 24 deny tcp destination-port eq 593
rule 25 deny tcp destination-port eq 5800
rule 26 deny tcp destination-port eq 4557
rule 27 deny tcp destination-port eq 5900
rule 28 deny tcp destination-port eq 4331
