Re: XP Hardening

From: Max Kennedy (mxkennedy@fuse.net)
Date: 09/19/02


From: "Max Kennedy" <mxkennedy@fuse.net>
To: <focus-ms@securityfocus.com>
Date: Thu, 19 Sep 2002 17:28:50 -0400


(I hope the formatting/columns of this text keep correctly)

Here's my list of services that open ports.
Max Kennedy

-----
port  proto  name       service name under Services in XP
-----------------------------------------------------------------
   7  TCP    echo       Simple TCP/IP Services - not in default install
   7  UDP    echo       " "
   9  TCP    discard    " "
   9  UDP    discard    " "
  13  TCP    daytime    " "
  13  UDP    daytime    " "
  17  TCP    qotd       " "
  17  UDP    qotd       " "
  19  TCP    chargen    " "
  19  UDP    chargen    " "
  23  TCP    telnet     (server)
  25  TCP    smtp       Simple Mail Transfer Protocol (SMTP)
  80  TCP    http       World Wide Web Publishing
 123  UDP    time       Windows Time
 135  TCP    dcom/rpc   Remote Procedure Call (RPC)
 137  UDP    netbios    All part of winshare scheme, hard to disable
 138  UDP    netbios    " "
 139  TCP    netbios    " "
 443  TCP    SSL
 445  TCP    SMB        winsharing
 445  UDP    SMB        " "
 500  UDP    ipsec      IPSEC Services
 520  UDP    RIP        RIP Listener (RIPv1)

Ports above 1025 mostly depend on when they
were assigned and will vary, with the exception of
SSDP Discovery Service/UPnP. These are just examples.

1025
1900  UDP  SSDP Discovery Service and Univ. Plug & Play
2869  TCP  " "
5000  TCP  " "

1645  UDP  Routing and Remote Access
1646  UDP  Routing and Remote Access
1812  UDP  Routing and Remote Access
1813  UDP  Routing and Remote Access (turns on 4 ports)

3001  alg.exe, Application Layer Gateway
3002  Internet Connection Firewall/Sharing
3003  Internet Connection Firewall/Sharing

There is one more port that turns off with a service.
I have 13 services running on my system, and
could eliminate 5 more of those.

Services you may not need depending on hardware:

shell hardware detection        for laptop docking station
smart card                      only useful if you have smart cards
smart card helper               " "
portable media serial number    only useful if you have a portable media player
uninterruptible power supply    only if you have a UPS or laptop with battery system
Wireless Zero Configuration     only if you have wireless
IPSEC Services                  only if you have special hardware and configuration to use it

Another list for services that can be turned off
besides services that open ports.
http://www.blackviper.com/WinXP/servicecfg.htm

You can also turn off a few drivers that aren't needed.
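A quick way to put the list above to use is to feed it the output of `netstat -an` and see which of the port-opening services are actually listening on a box. The script below is an added example, not part of the original post: it transcribes the post's port-to-service rows (only those that name a protocol) into a table, parses Windows `netstat -an` rows, and reports the service behind each open socket. The `SAMPLE_NETSTAT` text is constructed for the example, not captured from a real machine.

```python
import re

# Port -> service table transcribed from the post above. Only rows that name
# a protocol are included; the Simple TCP/IP Services ports listen on both.
SIMPLE_TCPIP = {7: "echo", 9: "discard", 13: "daytime", 17: "qotd", 19: "chargen"}
XP_SERVICES = {(proto, port): f"Simple TCP/IP Services ({name})"
               for proto in ("tcp", "udp") for port, name in SIMPLE_TCPIP.items()}
XP_SERVICES.update({
    ("tcp", 23): "Telnet", ("tcp", 25): "Simple Mail Transfer Protocol (SMTP)",
    ("tcp", 80): "World Wide Web Publishing", ("tcp", 443): "SSL",
    ("udp", 123): "Windows Time", ("tcp", 135): "Remote Procedure Call (RPC)",
    ("udp", 137): "NetBIOS (file sharing)", ("udp", 138): "NetBIOS (file sharing)",
    ("tcp", 139): "NetBIOS (file sharing)", ("tcp", 445): "SMB (file sharing)",
    ("udp", 445): "SMB (file sharing)", ("udp", 500): "IPSEC Services",
    ("udp", 520): "RIP Listener (RIPv1)",
})
for port in (1645, 1646, 1812, 1813):
    XP_SERVICES[("udp", port)] = "Routing and Remote Access"
for proto, port in (("udp", 1900), ("tcp", 2869), ("tcp", 5000)):
    XP_SERVICES[(proto, port)] = "SSDP Discovery Service / Universal Plug and Play"

# One "netstat -an" row on Windows: Proto, Local Address, Foreign Address, optional State.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def open_sockets(netstat_output):
    """Return sorted (proto, port) pairs for listening TCP and bound UDP sockets."""
    found = set()
    for m in filter(None, map(LINE_RE.match, netstat_output.splitlines())):
        proto, port, state = m.group(1).lower(), int(m.group(2)), m.group(3)
        if proto == "udp" or state == "LISTENING":  # drop ESTABLISHED/TIME_WAIT TCP rows
            found.add((proto, port))
    return sorted(found)

def services_to_review(netstat_output):
    """Pair each open socket with the XP service from the post, or mark it unknown."""
    return [(proto, port, XP_SERVICES.get((proto, port), "unknown (not in the post's table)"))
            for proto, port in open_sockets(netstat_output)]

# Constructed sample output, not captured from a real machine.
SAMPLE_NETSTAT = """Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1033       10.0.0.2:80            ESTABLISHED
  UDP    0.0.0.0:500            *:*
  UDP    192.168.1.5:1900       *:*
"""
```

Run `services_to_review(open("netstat.txt").read())` on saved `netstat -an` output; anything reported as unknown on a port above 1025 is usually one of the dynamically assigned ports the post mentions and needs a closer look.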
