Securing a server under Windows 2000

From: JBoss Dude (jbossdude@yahoo.com)
Date: 15 Nov 2002 10:19:29 -0800

Hi,

How could I close all ports below 1024? I have a machine based on a W2K
box, exclusively serving static content.

These are the open ports on my machine just after booting it up.

...>Fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid Process Port Proto Path
364 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 445 TCP
480 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
512 inetinfo -> 1026 TCP C:\WINNT\System32\inetsrv\inetinfo.exe

8 System -> 445 UDP

...>netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*

And these are the open ports on my machine after connecting to the Internet.

...>Fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid Process Port Proto Path
364 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
8 System -> 445 TCP
480 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
512 inetinfo -> 1026 TCP C:\WINNT\System32\inetsrv\inetinfo.exe

8 System -> 137 UDP
8 System -> 138 UDP
8 System -> 445 UDP

...>netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP XXX.XXX.XXX.XXX:139 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
UDP XXX.XXX.XXX.XXX:137 *:*
UDP XXX.XXX.XXX.XXX:138 *:*

where XXX.XXX.XXX.XXX is my IP address.
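
Added example, not part of the original post: a small Python parser for the two `netstat -an` listings above that reports which listeners sit below port 1024, which ones appeared only after the machine went online, and which are bound to all interfaces. The function names (`listeners`, `report`) are hypothetical, and the sample text is transcribed from the post with the address masked as the poster masked it.

```python
import re

# Snapshots transcribed from the post's two "netstat -an" listings.
BEFORE = """\
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
"""
AFTER = BEFORE + """\
TCP XXX.XXX.XXX.XXX:139 0.0.0.0:0 LISTENING
UDP XXX.XXX.XXX.XXX:137 *:*
UDP XXX.XXX.XXX.XXX:138 *:*
"""

# proto, local address, local port, foreign address, optional state
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)

def listeners(netstat_text):
    """Return {(proto, port): set of local addresses} for listening sockets."""
    found = {}
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, column header, blank lines
        proto, addr, port, foreign, state = m.groups()
        proto = proto.upper()
        # TCP: keep LISTENING rows only. UDP has no state column; a *:* peer
        # means the socket is bound and will accept datagrams.
        if proto == "TCP" and (state or "").upper() != "LISTENING":
            continue
        if proto == "UDP" and foreign != "*:*":
            continue
        found.setdefault((proto, int(port)), set()).add(addr)
    return found

def report(before_text, after_text, limit=1024):
    """Compare two snapshots and summarise the exposure in the later one."""
    before, after = listeners(before_text), listeners(after_text)
    return {
        "below_limit": sorted(k for k in after if k[1] < limit),
        "new": sorted(k for k in after if k not in before),
        "all_interfaces": sorted(k for k, a in after.items() if "0.0.0.0" in a),
    }

if __name__ == "__main__":
    for name, items in report(BEFORE, AFTER).items():
        print(name, items)
```

The same functions accept the full `netstat -an` output, since banner and header lines are skipped by the parser.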


