Re: Blocking ports
From: x y (firstname.lastname@example.org)
- Next message: x y: "Re: Automatically lock workstation"
- Previous message: x y: "Re: Windows File Protection Error"
- In reply to: Asanga: "Blocking ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "x y" <email@example.com> Date: Tue, 2 Jul 2002 13:09:15 -0400
I think it's really essential to have logging capabilities whenever you do
port blocking, for troubleshooting issues like this. Windows 2000 IPsec does
not have logging, so I would debate the value of choosing it over some third
If you have logging capabilities, checking the log is always the first thing
I would think to do whenever you have a question like this. If you don't
have logging capabilities, install Windows 2000 Network Monitor [under
control panel,add/remove programs, windows components] or ethereal or
windump onto both machines to see what exactly is being sent and received or
I gave up on doing port filtering betweeen clients and the domain
controllers as it seems that several connections are opened on random ports,
sometimes originating from the domain controller.
"Asanga" <firstname.lastname@example.org> wrote in message
> I run W2K with AD and I have a member server logging into
> the domain. In the member server I have blocked all
> unnecessary ports accoung to this article -
> I have opened the domain and kerberos authentication ports
> but still when I log into the domain, it takes very long
> time for me to log into it. It takes about 5 minutes for
> the log in process but it works. Has anyone experience
> this before? and if so what specific ports can I leave