Re: How do I block just one port from being listened to on my server

From: George Hester (hesterloli@hotmail.com)
Date: 12/17/02


From: "George Hester" <hesterloli@hotmail.com>
Date: Tue, 17 Dec 2002 11:32:32 -0500

Believe me, firewalls are starting to look better to me. Why am I averse to them? Well, because it is an added possible issue when things do not go as expected. For example, have you ever heard of people who complain that they cannot receive or send files in MSN Messenger? Well, I sit here twiddling my thumbs while they turn this on, turn this off, until they come back and we try it again. I just don't want to be hassled with that.

And if I do know the IP that is doing this hacking how does that help anything? These "people" are using proxies and use a different IP all the time. Then I'm into the realm of blocking ranges of IPs. Then I'm into the realm of blocking ALL IPs. Can't have a public web site doing that.

I had someone who ftp'd an executable to my Zip disk and somehow installed it. It appeared in HKLM\Software. It was ServU FTP Server. They then started uploading files to my Zip disk. They didn't get very far because I heard my Zip disk whirring. Zip was FAT and so I assume that's why they did it there. It's the only non-NTFS File System on my System.

They used port 968 and so I thought I could filter out all ports from accepting FTP except port 21. But the IPSec seems to be more than I need and not sufficient for what I want.

That's why a Firewall is starting to look necessary.

-- 
George Hester
__________________________________
"Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message news:#pjlqodpCHA.1964@TK2MSFTNGP10...
> I agree.  Additionally, you forgot to mention what version of Windows you're
> running, which makes a big difference.  If you're running 2000 or XP, you
> can use IPSec filtering.  I really don't know your aversion to firewalls,
> there are several free ones including www.sygate.com.  For my money, blocking
> this with a firewall of some sort is often the best way to do this, since
> you also get logging and alerting.  If someone hacks into your system,
> you're going to want to see what their IP address was, and without a
> firewall you won't have a clue who did it.  More info on IPsec and other
> free and not free firewalls and packet filtering options:
> 
> http://securityadmin.info/faq.htm#firewall  [including a section on IPsec]
> http://securityadmin.info/faq.htm#harden
> 
> Note that just blocking a port from receiving new inbound connections may
> not be enough to secure your computer, since outbound connections can be
> used to steal data from your computer, remote control your computer, etc.
> 
> If you need to know what program you'd need to disable to stop a certain
> port from listening, try using Vision from www.foundstone.com/knowledge
> 
> 
> 
> "S. Pidgorny [MVP]" <slavickp@yahoo.com> wrote in message
> news:#gOkaPapCHA.1644@TK2MSFTNGP10...
> > George,
> >
> > Maybe you can just stop the service running on the port or unbind it from
> > the NIC?
> >
> >
> > --
> > Svyatoslav Pidgorny, MS MVP, MCSE
> > -= F1 is the key =-
> >
> > "George Hester" <hesterloli@hotmail.com> wrote in message
> > news:OarZV4YpCHA.1876@TK2MSFTNGP10...
> > without a Firewall.  I looked at TCP\IP filtering but that only gives us the
> > option of blocking all ports except.  I would prefer to allow all ports
> > except.  For me it is safer to do one thing at a time than hit the server
> > over the head with a block all except.
> >
> > --
> > George Hester
> > __________________________________
> >
> >
> 
> 
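
Added example (not part of the original thread): the message above describes an unwanted FTP server listening on port 968, and the quoted reply suggests finding which program owns a listening port. The Python below parses `netstat -ano` output (the `-o` PID column assumes Windows XP or later) and reports TCP listeners that are not on an allowlist; the sample output, PIDs and the allowlist of ports 21 and 80 are constructed assumptions.

```python
"""Flag TCP listeners that are not on an expected-ports allowlist."""

# Constructed sample in the layout printed by `netstat -ano` on Windows.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1284
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1284
  TCP    0.0.0.0:968            0.0.0.0:0              LISTENING       2316
  TCP    [::]:968               [::]:0                 LISTENING       2316
  TCP    192.0.2.10:80          203.0.113.5:50123      ESTABLISHED     1284
  UDP    0.0.0.0:500            *:*                                    612
"""

# Assumption: a public web/FTP server that should only listen on these ports.
EXPECTED_TCP_LISTENERS = {21, 80}


def parse_listeners(netstat_text):
    """Return sorted, de-duplicated (port, pid) pairs for LISTENING TCP sockets."""
    listeners = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # A TCP row has exactly five columns: proto, local, foreign, state, pid.
        # Headers, UDP rows (no state column) and blank lines fall out here.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # rpartition keeps IPv6 locals such as [::]:968 intact up to the last colon.
        _, _, port = fields[1].rpartition(":")
        if port.isdigit() and fields[4].isdigit():
            listeners.add((int(port), int(fields[4])))
    return sorted(listeners)


def unexpected_listeners(netstat_text, expected=EXPECTED_TCP_LISTENERS):
    """Return (port, pid) pairs whose port is not in the allowlist."""
    return [(port, pid) for port, pid in parse_listeners(netstat_text)
            if port not in expected]


if __name__ == "__main__":
    for port, pid in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"unexpected listener: tcp/{port} owned by PID {pid}")
```

The reported PID can then be matched to a program name with `tasklist` or Task Manager before deciding which service to stop.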

