User guide
Chapter 11: Protecting Your Network From Attacks
154 WatchGuard Firebox System
intrusions can be difficult or impossible to detect by all but the
most knowledgeable users.
The first X Window server is always on port 6000. If you have an
X server with multiple displays, each new display uses an
additional port number after 6000, up to 6063 for a maximum of
64 displays on a given host.
X Font Server (port 7100)
Many versions of X Window support font servers. Font servers
are complex programs that run as the super-user on some hosts.
As such, it is best to explicitly disable access to X font servers.
NFS (port 2049)
NFS (Network File System) is a popular TCP/IP service for
providing shared file systems over a network. However, current
versions have serious authentication and security problems which
make providing NFS service over the Internet very dangerous.
NOTE
Port 2049 is not assigned to NFS; however, in practice, this is the most
common port used for NFS. The port that NFS actually uses is assigned by the
portmapper. If you're using NFS, it is a good idea to verify that
NFS is using port 2049 on all your systems.
OpenWindows (port 2000)
OpenWindows is a windowing system from Sun Microsystems
that has similar security risks to X Window.
rlogin, rsh, rcp (ports 513, 514)
These services provide remote access to other computers and are
somewhat insecure on the Internet. Because many attackers probe
for these services, it is a good idea to block them.
RPC portmapper (port 111)
RPC services use port 111 to determine which ports are actually
used by a given RPC server. Because RPC services themselves are
very vulnerable to attack over the Internet, the first step in
attacking RPC services is to contact the portmapper to find out
which services are available.
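
The check suggested in the NFS note and the portmapper lookup described above, as an added example that is not part of the WatchGuard guide: a shell function that reads the listing printed by `rpcinfo -p <host>` and reports whether NFS (RPC program number 100003) is registered only on port 2049. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm which port(s) the portmapper reports for NFS.
# Input is the text printed by `rpcinfo -p <host>`; program 100003 is NFS.

EXPECTED_NFS_PORT=2049

# Print each distinct proto/port pair registered for NFS, one per line
# (for example "tcp/2049"). Reads rpcinfo -p output on stdin.
nfs_registrations() {
    awk '$1 == "100003" && $4 ~ /^[0-9]+$/ { print $3 "/" $4 }' | sort -u
}

# Classify one host's rpcinfo -p output (stdin) with a one-word verdict:
#   ok        NFS is registered, and only on the expected port
#   mismatch  NFS is registered on at least one other port
#   absent    the portmapper lists no NFS registration
nfs_port_verdict() {
    regs=$(nfs_registrations)
    if [ -z "$regs" ]; then
        echo absent
        return
    fi
    for reg in $regs; do
        if [ "${reg#*/}" != "$EXPECTED_NFS_PORT" ]; then
            echo mismatch
            return
        fi
    done
    echo ok
}

# Constructed sample listings (not captured from real hosts).
SAMPLE_STANDARD='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    3   udp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs'

SAMPLE_MOVED='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   tcp  33001  nfs'

printf '%s\n' "$SAMPLE_STANDARD" | nfs_port_verdict   # prints: ok
printf '%s\n' "$SAMPLE_MOVED" | nfs_port_verdict      # prints: mismatch
```

On your own systems, pipe the real listing into the function, for example `rpcinfo -p hostname | nfs_port_verdict`; a "mismatch" result means a firewall rule that blocks only port 2049 does not cover NFS on that host.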