RE: Open ports to establish a one-way trust

From: Mike (mike_sha_at_shaw.ca)
Date: 03/02/05

    Date: Wed, 2 Mar 2005 08:26:34 -0500
    To: <security-basics@securityfocus.com>
    
    

    These are the ports open on my DC, maybe this can help?

    PORT STATE SERVICE
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    88/tcp open kerberos-sec
    110/tcp open pop3
    135/tcp open msrpc
    139/tcp open netbios-ssn
    143/tcp open imap
    389/tcp open ldap
    443/tcp open https
    445/tcp open microsoft-ds
    464/tcp open kpasswd5
    593/tcp open http-rpc-epmap
    636/tcp open ldapssl
    691/tcp open resvc
    993/tcp open imaps
    995/tcp open pop3s
    1026/tcp open LSA-or-nterm
    1029/tcp open ms-lsa
    1076/tcp open sns_credit
    1084/tcp open ansoft-lm-2
    1109/tcp open kpop
    3052/tcp open PowerChute
    3268/tcp open globalcatLDAP
    3269/tcp open globalcatLDAPssl
    3372/tcp open msdtc
    6101/tcp open VeritasBackupExec
    38292/tcp open landesk-cba

    Sincerely,

    Mike Fetherston

    PS> Yes, I know.. mail and web on a DC.. bad bad pooh pooh.. budget
    constraints dictated this...

    > -----Original Message-----
    > From: Ju Ne [mailto:ddjjembe1@hotmail.com]
    > Sent: Tuesday, March 01, 2005 11:16 AM
    > To: security-basics@securityfocus.com
    > Subject: Open ports to establish a one-way trust
    >
    > We have a domain in our WAN that needs an Active Directory
    > one-way trust established with our domain. The change has been made in
    > Active Directory but we have been unable to test this new trust? What
    > ports need to be opened at the firewall to allow this trust from a firewall
    > perspective? Are any of the ports listed below required for this trust?
    >
    > TCP 135 - Microsoft RPC
    > UDP 137 - Netbios-ns
    > UDP 138 - Netbios-dgm
    > TCP 139 - Netbios
    > TCP 42 - WINS, Nameserv
    > TCP/UDP 389 - LDAP
    > TCP 636 - SLDAP
    > TCP 3268 - MSFT-GC
    > TCP 3269 - MSFT-GC-SSL
    > TCP/UDP 53 - DNS
    > TCP/UDP 88 - Kerberos, www
    > TCP 445 - SMB
    >
    > Thanks,
    >
    > Djembe
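An added example, not part of either message: it cross-references the candidate firewall list from the question against the scan output in the reply, so rules are limited to ports that are both requested and listening. `SCAN` is a shortened subset of the reply's output, the function names are hypothetical, and the script does not decide which ports the trust itself requires.

```python
import re

# Candidate firewall rules, copied from the quoted question (original spacing kept).
CANDIDATES = """\
TCP 135 - Microsoft RPC
UDP 137 - Netbios-ns
UDP 138 - Netbios-dgm
TCP 139 - Netbios
TCP 42 - WINS, Nameserv
TCP/UDP 389- LDAP
TCP 636 - SLDAP
TCP 3268 - MSFT-GC
TCP 3269 -MSFT-GC-SSL
TCP/UDP 53 -DNS
TCP/UDP 88 - Kerberos, www
TCP 445 - SMB
"""
# Subset of the scan lines from the reply, shortened for this example.
SCAN = """\
25/tcp open smtp
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
636/tcp open ldapssl
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
6101/tcp open VeritasBackupExec
"""

def parse_candidates(text):
    """Return {(proto, port)} from lines like 'TCP/UDP 389- LDAP'."""
    rules = set()
    for m in re.finditer(r"^((?:TCP|UDP)(?:/(?:TCP|UDP))?)\s+(\d+)", text, re.M):
        for proto in m[1].lower().split("/"):  # 'TCP/UDP' yields two rules
            rules.add((proto, int(m[2])))
    return rules

def parse_scan(text):
    """Return {(proto, port)} for every port the scan reported as open."""
    return {(m[2], int(m[1])) for m in re.finditer(r"^(\d+)/(tcp|udp)\s+open\b", text, re.M)}

def compare(candidates, scan):
    """listening: requested and open; unverified: requested, not seen; not_requested: open only."""
    return {"listening": sorted(candidates & scan),
            "unverified": sorted(candidates - scan),
            "not_requested": sorted(scan - candidates)}
```

The scan in the reply covers TCP only, so every UDP entry from the question lands in `unverified` until a UDP scan is run; `not_requested` lists services the DC exposes that the proposed rules would leave filtered.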

