Extended lists can also filter TCP services entering or exiting the network. Based on your security policy, you may choose to allow specific traffic inbound access to your services.

Some network traffic should be denied under almost all circumstances:

  • Finger (79)
  • Systat (11)
  • TCP connections to a DNS server (TCP 53)

Hackers gather system information through the use of these services; by blocking them, you protect system information from release and keep your network secure.