Securing a server under Windows 2000

From: JBoss Dude (jbossdude@yahoo.com)
Date: 11/15/02 

From: jbossdude@yahoo.com (JBoss Dude)
Date: 15 Nov 2002 10:19:29 -0800

Hi,

how could I close all ports below 1024. I have a machine based on a W2K
box, exclusively serving static content.

these are the open ports in my machine. Just after booting it up.

...>Fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid Process Port Proto Path
364 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 445 TCP
480 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
512 inetinfo -> 1026 TCP C:\WINNT\System32\inetsrv\inetinfo.exe

8 System -> 445 UDP

...>netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*

and these are the open ports in my machine after connecting to the internet.

...>Fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid Process Port Proto Path
364 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
8 System -> 445 TCP
480 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
512 inetinfo -> 1026 TCP C:\WINNT\System32\inetsrv\inetinfo.exe

8 System -> 137 UDP
8 System -> 138 UDP
8 System -> 445 UDP

...>netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP XXX.XXX.XXX.XXX:139 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
UDP XXX.XXX.XXX.XXX:137 *:*
UDP XXX.XXX.XXX.XXX:138 *:*

where XXX.XXX.XXX.XXX is my IP address.

Relevant Pages

  • Re: Plausible reasons for http access?
    ... snip some important but volumous and onorous content...to free up your time while helping me.. ... provides transportation service - in this case, transporting packets. ... Many instances have different open 'ports' numbered anything but 80,110,25. ... I wonder though if Spybots utility has failed to differentiate a proxy port and an actual open ethernet-internet port and is telling me I have "open ports" but no tcp/ip packets are acknowledged unless specificaly allowed? ...
    (comp.security.misc)
  • Re: AV showing unauthorized access attempts after installing IE8
    ... NAV is showing in its ... history "unauthorized access blocked" all day ... one or more ports open that is reacing to queies; ... One of the tests is for open ports. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: SMB File Sharing XP SP2
    ... i went straight to manually configuring my ports to allow file sharing ... > to manually configure the open ports. ... it's trying to automate ...
    (microsoft.public.windowsxp.general)
  • Re: Concerns about wording of man blackhole
    ... As open ports still show up as open I don't see the protection. ... What does this have to do with "blackhole". ... skillful intruders leapfrog around the firewall by abusing the HTTP CONNECT ...
    (freebsd-questions)
  • Re: Ports to close on firewall in an Active Directory Environment
    ... Microsoft Windows MVP - Active Directory ... >> But I still believe the Swiss Cheese thing with all those open ports. ...
    (microsoft.public.win2000.security)
Quantcast