RE: Windows networking ports

From: Mark L. Jackson (mark_l_jackson@iname.com)
Date: 01/09/02


From: "Mark L. Jackson" <mark_l_jackson@iname.com>
To: "Justin Silles" <JUSTIN@m-m-s.com>, <security-basics@securityfocus.com>
Date: Wed, 9 Jan 2002 01:14:05 -0800

win2k ports:
TCP/53 DNS zone xfer
TCP/135 RPC/DCE Endpoint mapper
UDP/137 NetBIOS name service
TCP/139 NetBIOS session service (SMB)
TCP/445 SMB over TCP (direct to host)
UDP/161 SNMP
TCP/UDP 389 LDAP
TCP/1433 MSSQL
UDP/1434 MSSQL instance mapper
TCP/3268 AD Global catalog
TCP/3269 Global catalog over SSL
TCP/3389 Windows Terminal Server

I am guessing you are using Win2k, as you did not say what your O/S
is.

Why not use a VPN connection? Opening these up to the
world will ensure an attack.

> Just trying to set up a way to map a drive through our firewall (Internal to
> DMZ) for special computers and special username/password combo via NT
> authentication....
>
> While doing so I swore that I just needed to open up ports 137, 138 and 139
> between the two PCs in order to map shares. Is there one more port that I
> am missing (seems to me there is)...or multiple ports...?? Do I need to
> specify that after the initial connection there needs to be a subsequent
> connection to a random port between 1024-65563? Again, I just thought I
> needed 137-139.
>
> When tested on our non-live network we tried opening up a huge hole across
> the internal to DMZ loop, just in case another rule (computer-name or user)
> was not set properly. Still did not work.
>
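
Added example, not part of the original message: a small Python audit that flags allow rules exposing the ports listed above to more than a single source host, which is the situation the reply warns about. The rule tuple format, the addresses and the `audit` function are constructed for illustration and do not correspond to any particular firewall product.

```python
"""Audit a firewall ruleset for broad exposure of the Windows service ports listed above."""
import ipaddress

# (protocol, port) -> service, taken from the port list in the message above
WIN2K_PORTS = {
    ("tcp", 53): "DNS zone xfer",
    ("tcp", 135): "RPC/DCE endpoint mapper",
    ("udp", 137): "NetBIOS name service",
    ("tcp", 139): "NetBIOS session service (SMB)",
    ("tcp", 445): "SMB over TCP",
    ("udp", 161): "SNMP",
    ("tcp", 389): "LDAP",
    ("udp", 389): "LDAP",
    ("tcp", 1433): "MSSQL",
    ("udp", 1434): "MSSQL instance mapper",
    ("tcp", 3268): "AD global catalog",
    ("tcp", 3269): "Global catalog over SSL",
    ("tcp", 3389): "Windows Terminal Server",
}

# Constructed sample rules: (action, protocol, source CIDR, destination, port or range)
SAMPLE_RULES = [
    ("allow", "tcp", "10.1.1.25/32", "192.168.50.10", "139"),
    ("allow", "tcp", "0.0.0.0/0", "192.168.50.10", "135-445"),
    ("allow", "udp", "10.1.0.0/16", "192.168.50.10", "137-138"),
    ("allow", "any", "0.0.0.0/0", "192.168.50.11", "1024-65535"),
    ("deny", "tcp", "0.0.0.0/0", "192.168.50.10", "3389"),
]

def audit(rules, max_hosts=1):
    """Return (rule number, source scope, port, service) for each listed port
    that an allow rule opens to more than max_hosts source addresses.
    Rule ordering and first-match semantics are not modelled."""
    findings = []
    for n, (action, proto, src, _dst, ports) in enumerate(rules, 1):
        if action != "allow":
            continue
        net = ipaddress.ip_network(src, strict=False)
        if net.num_addresses <= max_hosts:
            continue  # scoped to specific host(s), e.g. the "special computers"
        lo, _, hi = ports.partition("-")
        lo, hi = int(lo), int(hi or lo)
        for (p, port), svc in sorted(WIN2K_PORTS.items(), key=lambda kv: kv[0][1]):
            if proto in (p, "any") and lo <= port <= hi:
                scope = "world" if net.prefixlen == 0 else str(net)
                findings.append((n, scope, f"{p.upper()}/{port}", svc))
    return findings
```

Calling `audit(SAMPLE_RULES)` reports the wide TCP 135-445 range and the 1024-65535 high-port range as world-exposed, and leaves the single-host rule for TCP/139 unflagged.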