Re: Securing a server under Windows 2000

From: NeoSadist (neos@dist)
Date: 11/15/02

    From: "NeoSadist" <neos@dist>
    Date: Fri, 15 Nov 2002 15:44:00 -0700
    
    

    "JBoss Dude" <jbossdude@yahoo.com> wrote in message
    news:d472e77c.0211151019.2be8fd35@posting.google.com...
    > Hi,
    >
    > How could I close all ports below 1024? I have a machine based on a W2K
    > box, exclusively serving static content.
    >
    > These are the open ports in my machine, just after booting it up.
    >
    >
    > ...>Fport
    > FPort v2.0 - TCP/IP Process to Port Mapper
    > Copyright 2000 by Foundstone, Inc.
    > http://www.foundstone.com
    >
    > Pid Process Port Proto Path
    > 364 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
    > 8 System -> 445 TCP
    > 480 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
    > 512 inetinfo -> 1026 TCP C:\WINNT\System32\inetsrv\inetinfo.exe
    >
    > 8 System -> 445 UDP
    >
    >
    > ...>netstat -an
    >
    > Active Connections
    >
    > Proto Local Address Foreign Address State
    > TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    > TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    > TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
    > TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
    > UDP 0.0.0.0:445 *:*
    >
    >
    > And these are the open ports in my machine after connecting to the internet.
    >
    > ...>Fport
    > FPort v2.0 - TCP/IP Process to Port Mapper
    > Copyright 2000 by Foundstone, Inc.
    > http://www.foundstone.com
    >
    > Pid Process Port Proto Path
    > 364 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
    > 8 System -> 139 TCP
    > 8 System -> 445 TCP
    > 480 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
    > 512 inetinfo -> 1026 TCP C:\WINNT\System32\inetsrv\inetinfo.exe
    >
    > 8 System -> 137 UDP
    > 8 System -> 138 UDP
    > 8 System -> 445 UDP
    >
    >
    > ...>netstat -an
    >
    > Active Connections
    >
    > Proto Local Address Foreign Address State
    > TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    > TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    > TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
    > TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
    > TCP XXX.XXX.XXX.XXX:139 0.0.0.0:0 LISTENING
    > UDP 0.0.0.0:445 *:*
    > UDP XXX.XXX.XXX.XXX:137 *:*
    > UDP XXX.XXX.XXX.XXX:138 *:*
    >
    > where XXX.XXX.XXX.XXX is my IP address.

    rr.sans.org

    The sans.org reading room. It's got lots of good whitepapers, including
    "Hardening Windows 2000" by Philip Cox.

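Added example, not part of the original thread: a small audit script that parses the two `netstat -an` captures quoted in the question and reports which listeners sit below port 1024 and which of them only appeared after the machine went online. The names `listeners` and `audit` are hypothetical, and the sample text is constructed from the quoted output with the poster's redacted address kept as-is.

```python
import re

# Constructed from the two `netstat -an` captures quoted in the post
# (XXX.XXX.XXX.XXX is the poster's redacted address, kept as-is).
BEFORE = """\
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
"""
AFTER = BEFORE + """\
TCP XXX.XXX.XXX.XXX:139 0.0.0.0:0 LISTENING
UDP XXX.XXX.XXX.XXX:137 *:*
UDP XXX.XXX.XXX.XXX:138 *:*
"""

# Leading \W* tolerates indentation and "> " quote markers from pasted mail.
ROW = re.compile(r"^\W*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listeners(netstat_text):
    """Return {(proto, port): set(local addresses)} for listening sockets."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, blank lines, anything that is not a socket row
        proto, addr, port, _foreign, state = m.groups()
        # TCP rows count only in LISTENING state; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.setdefault((proto, int(port)), set()).add(addr)
    return found

def audit(before, after, limit=1024):
    """Ports below `limit` in `after`, and which of them are new since `before`."""
    old, new = listeners(before), listeners(after)
    low = sorted(k for k in new if k[1] < limit)
    appeared = sorted(k for k in low if k not in old)
    return low, appeared

if __name__ == "__main__":
    low, appeared = audit(BEFORE, AFTER)
    for proto, port in low:
        tag = "new after connecting" if (proto, port) in appeared else "present at boot"
        print(f"{port}/{proto.lower():<3} {tag}")
```

Run against fresh captures after each hardening change, the same comparison confirms whether a listener has actually gone away.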

