Re: [fw-wiz] Windows networking specifics (Was: re: Annoying pop-ups)

From: Mikael Olsson (mikael.olsson@clavister.com)
Date: 10/30/02


From: Mikael Olsson <mikael.olsson@clavister.com>
To: Luca Berra <bluca@comedia.it>
Date: Wed Oct 30 10:22:01 2002


Luca Berra wrote:
>
> Mikael Olsson wrote:
> > Neil Ames wrote:
> > > [block port 139]
> > This is somewhat disconcerting.
> > [block port 445 too]
>
> there has been a precise question "which port is used for windows
> messaging popup, how do i stop it?" and a precise answer "port 139,
> icf". so please calm down.

Here's an abject lesson in windows networking:

- Block port 139, tcp as well as udp
  Can connect to computer management interface
  Can connect to remote registry
  Can access all shares and printers
  "net send" works

- Block ports 136-445, tcp as well as udp.
  Can authenticate and connect to f.i. exchange servers and other
    RPC services that do not require port 139/445 for auth.
  "net send" still works

- Block ports 135-139, tcp as well as udp
  Can connect to computer management interface
  Can connect to remote registry
  Can access all shares and printers

> btw icf is not that bad for a product embedded in a microshaft os
> stateful, blocks everything by default, so probably Neil's
> suggestion also answers your concerns.

http://support.microsoft.com/default.aspx?scid=KB;EN-US;q314757&

Please study, in detail, the section that says "the ICF does not block
incoming broadcast or multicast traffic", and especially the bit that
explains how f.i. UPnP can be broadcast. [1]

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
[1] Broadcasts can be directed across the Internet, too.
    This is why smurf amplification works.
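
Added example, not part of the original message: a small model of the three blocking scenarios listed above, showing why a service stays reachable as long as any one of its transports is left open. The transport table and the function names are assumptions chosen to be consistent with the results reported in the post; TCP and UDP are treated together, as in the post.

```python
# Added example: model of the port-blocking scenarios from the post.
# The transport table is an assumption consistent with the post's results:
# a service is reachable if ANY one of its alternative port sets is open.
TRANSPORTS = {
    # SMB-based services ride on NetBIOS session (139) or direct SMB (445).
    "shares and printers": [{139}, {445}],
    "remote registry": [{139}, {445}],
    "computer management": [{139}, {445}],
    # Messenger popups arrive over NetBIOS session or via the RPC port 135.
    "net send": [{139}, {135}],
    # RPC services (for instance Exchange) located through port 135.
    "RPC services": [{135}],
}


def parse_blocked(spec):
    """Turn a rule string such as '135-139,445' into a set of port numbers."""
    blocked = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        blocked.update(range(lo, hi + 1))
    return blocked


def still_reachable(spec):
    """Return the sorted names of services with at least one open transport."""
    blocked = parse_blocked(spec)
    return sorted(
        name for name, options in TRANSPORTS.items()
        if any(ports.isdisjoint(blocked) for ports in options)
    )


if __name__ == "__main__":
    # The three rules from the post, plus the combined rule that closes all of them.
    for rule in ("139", "136-445", "135-139", "135-139,445"):
        print(f"block {rule:<12} -> still reachable: {still_reachable(rule) or 'nothing'}")
```

Under this model only the combined rule (135-139 together with 445) leaves none of the listed services reachable.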

