[fw-wiz] Ingress/Egress Filtering for MS-Win Boxen/Networks

From: Jim Seymour (jseymour_at_LinxNet.com)
Date: 11/22/03

    To: firewall-wizards@honor.icsalabs.com
    Date: Sat, 22 Nov 2003 11:28:46 -0500 (EST)
    
    

    Hi Wizzards,

    Being as I run proxy firewalls at work and tightly control the LAN at
    home, I haven't had to much worry about this--until now. As it
    happens: I stumbled into a small consulting gig that involves setting
    up an Internet connection for a small business that's using all MS-Win
    boxes.

    Amongst other things: I would like to put packet filtering into their
    NAT router as one security measure. The problem is: Google'ing on the
    subject, and compiling the results, leaves many questions. Here's what
    I have so far:

    Port Blocking: Ingress

        Port   Proto  Dir  Explanation

        135    ?      dst  NetBIOS
        136    ?      ?    ?
        137    TCP    src  NetBIOS
        137    UDP    src  NetBIOS
        137    UDP    dst  NetBIOS
        138    UDP    dst  NetBIOS
        139    TCP    dst  NetBIOS
        443    ?      ?    CIFS?
        445    TCP    dst  MS-DS
        1433   TCP    ?    MS-SQL
        1434   UDP    ?    MS-SQL
        1900   UDP    ?    MS-DS/UPnP
        3389   ?      ?    Terminal Services
        5000   ?      ?    XP Universal PnP
        27374  TCP    ?    SubSeven

    Port Blocking: Egress

        Port   Proto  Dir  Explanation

        135    ?      ?    NetBIOS
        136    ?      ?    ?
        137    UDP    src  NetBIOS
        137    TCP    dst  NetBIOS
        137    UDP    dst  NetBIOS
        138    UDP    src  NetBIOS
        138    TCP    dst  NetBIOS
        138    UDP    dst  NetBIOS
        139    UDP    src  NetBIOS
        139    TCP    dst  NetBIOS
        139    UDP    dst  NetBIOS
        445    TCP    dst  MS-DS
        1900   UDP    ?    MS-DS/UPnP
        27374  TCP    ?    SubSeven

    The "?"s indicate that I don't know the answer.

    The other question is: Some of these ports appear to need blocking on
    both source *and* destination port, UDP *and* TCP. (E.g.: Port 137.)
    Or not? I question some of the information sources. For performance
    reasons, I'd prefer not to add unnecessary filters.

    (Yes, I'm aware that, the router being a NAT router, maybe the ingress
    filters aren't strictly necessary. I like to play it safe, tho.)

    ISTM it would be Really Handy if somewhere there was a single,
    consolidated list like the above.

    Thanks,
    Jim

    -- 
    Jim Seymour                  | PGP Public Key available at:
    jseymour@LinxNet.com         | http://www.uk.pgp.net/pgpnet/pks-commands.html
    http://jimsun.LinxNet.com    |
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
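
An added example, not part of the original post: a small first-match model of the ingress filter, built only from the rows above that have no "?" fields, showing that a src-port rule and a dst-port rule match different packets and which rules a traffic sample actually hits. The `Rule`/`Packet` names, the first-match ordering and the sample packets are assumptions constructed for this sketch, not the behavior of any particular router.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    port: int
    proto: str   # "TCP" or "UDP"
    side: str    # "src" or "dst": which port field of the packet is compared
    note: str

@dataclass(frozen=True)
class Packet:
    proto: str
    sport: int
    dport: int

# Fully specified ingress rows from the post, in the order listed there.
INGRESS_DROP = [
    Rule(137, "TCP", "src", "NetBIOS"),
    Rule(137, "UDP", "src", "NetBIOS"),
    Rule(137, "UDP", "dst", "NetBIOS"),
    Rule(138, "UDP", "dst", "NetBIOS"),
    Rule(139, "TCP", "dst", "NetBIOS"),
    Rule(445, "TCP", "dst", "MS-DS"),
]

# Constructed inbound packets (not captured traffic).
SAMPLE = [
    Packet("UDP", 137, 137), Packet("UDP", 1025, 137), Packet("UDP", 137, 1025),
    Packet("TCP", 40000, 445), Packet("TCP", 139, 40000), Packet("TCP", 40000, 80),
]

def first_match(rules, pkt):
    """Return the first drop rule that matches pkt, or None if it passes."""
    for r in rules:
        field = pkt.sport if r.side == "src" else pkt.dport
        if r.proto == pkt.proto and r.port == field:
            return r
    return None

def hit_counts(rules, packets):
    """Count, per rule, how many packets it was the deciding rule for."""
    counts = {r: 0 for r in rules}
    for p in packets:
        r = first_match(rules, p)
        if r is not None:
            counts[r] += 1
    return counts

if __name__ == "__main__":
    for rule, n in hit_counts(INGRESS_DROP, SAMPLE).items():
        print(f"{rule.port:>5} {rule.proto} {rule.side}  hits={n}")
```

Run against real router counters or a packet capture instead of `SAMPLE`, the same tally shows which src/dst variants ever decide a packet and which are never hit.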
    
