RE: Open ports to establish a one-way trust

From: Mike (mike_sha_at_shaw.ca)
Date: 03/02/05

  • Next message: Kelly Martin: "SF new article announcement: Apache 2 with SSL/TLS: Step-by-Step, Part 3"
    Date: Wed, 2 Mar 2005 08:26:34 -0500
    To: <security-basics@securityfocus.com>
    
    

    These are the ports open on my DC, maybe this can help?

    PORT STATE SERVICE
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    88/tcp open kerberos-sec
    110/tcp open pop3
    135/tcp open msrpc
    139/tcp open netbios-ssn
    143/tcp open imap
    389/tcp open ldap
    443/tcp open https
    445/tcp open microsoft-ds
    464/tcp open kpasswd5
    593/tcp open http-rpc-epmap
    636/tcp open ldapssl
    691/tcp open resvc
    993/tcp open imaps
    995/tcp open pop3s
    1026/tcp open LSA-or-nterm
    1029/tcp open ms-lsa
    1076/tcp open sns_credit
    1084/tcp open ansoft-lm-2
    1109/tcp open kpop
    3052/tcp open PowerChute
    3268/tcp open globalcatLDAP
    3269/tcp open globalcatLDAPssl
    3372/tcp open msdtc
    6101/tcp open VeritasBackupExec
    38292/tcp open landesk-cba

    Sincerely,

    Mike Fetherston

    PS> Yes, I know.. mail and web on a DC.. bad bad pooh pooh.. budget
    constraints dictated this...

    > -----Original Message-----
    > From: Ju Ne [mailto:ddjjembe1@hotmail.com]
    > Sent: Tuesday, March 01, 2005 11:16 AM
    > To: security-basics@securityfocus.com
    > Subject: Open ports to establish a one-way trust
    >
    > We have a domain in our WAN that needs an Active Directory
    > one-way trust established with our domain. The change has been made
    in
    > Active Directory but we have been unable to test this new trust? What
    > ports
    > need to be opened at the firewall to allow this trust from a firewall
    > perspective? Are any of the ports listed below required for this
    trust?
    >
    > TCP 135 - Microsoft RPC
    > UDP 137 - Netbios-ns
    > UDP 138 - Netbios-dgm
    > TCP 139 - Netbios
    > TCP 42 - WINS, Nameserv
    > TCP/UDP 389- LDAP
    > TCP 636 - SLDAP
    > TCP 3268 - MSFT-GC
    > TCP 3269 -MSFT-GC-SSL
    > TCP/UDP 53 -DNS
    > TCP/UDP 88 - Kerberos, www
    > TCP 445 - SMB
    >
    > Thanks,
    >
    > Djembe
    >
    > _________________________________________________________________
    > FREE pop-up blocking with the new MSN Toolbar - get it now!
    > http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/


  • Next message: Kelly Martin: "SF new article announcement: Apache 2 with SSL/TLS: Step-by-Step, Part 3"