Re: KB article 324261 incorrect?

• Previous message: Steven L Umbach: "Re: User locked out with event 537 under type 11 logon"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 23 Nov 2005 16:42:30 -0600

You are correct. There appears to be an error in the KB article. Almost
always one port will need to be any to accommodate the over 1024 port that
the client will randomly use. In the KB article there is a send feedback
option that you could use to send to them your findings but don't expect
immediate results. Good job! --- Steve

"Jim Bartlett" <JimBartlett@discussions.microsoft.com> wrote in message
news:CBA360D7-00AD-437E-A29F-56825F7A9AD6@microsoft.com...
>I have posted this in Windows 2003 networking but no replies received.
>Maybe
> this is a more suitable forum. Basicall, the issue is that in KB324261,
> the
> procedure has you create IP filters that only match traffic that comes
> from
> AND goes to ports 161 and 162 over TCP/UDP. This doesn't happen. When
> using
> any SNMP management product (Dell Openmanage for example), traffic comes
> from
> a random high port, to port 161, then from 161 back to the random high
> port.
> So the filters defined in that article never match.
>
> I had to create rules that say from 161 to any port, use IPSec. This rule
> works (verified by Ethereal). Shouldn't this article be updated, or have I
> misread it?

• Previous message: Steven L Umbach: "Re: User locked out with event 537 under type 11 logon"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Netbios Port 137 Outbound ... you probably want to block outgoing port 137 using the router's ... filters or software firewall filters on the computer running ... To determine whether the outbound 137's are caused by WallWatcher, ... (microsoft.public.windows.server.sbs) Re: strange iptables/bridge behaviour ... If I explicitly block 110 on my firewall the scan still reports it ... the packet counters for this rule are incrementing when I port scan, ... My ISP filters those ports so they show up in the scan (albeit as filtered ... ISP's filters. ... (comp.security.firewalls) Re: Configure ISA for emails ... Packet Filters in ISA 2000 to allow internal clients access external POP3 ... Based on my research, after you run the CEICW, the POP3 and SMTP IP Packet ... Local port: All ports ... (microsoft.public.windows.server.sbs) Re: Question for BizTYalk Developers: Filters in ports: ... The filters for Send Ports(SP) and Send Port Groups located ... The filters for Receive Ports are located inside Receive shapes in ... The filter is defined in the *orchestration* because it is the orchestration ... (microsoft.public.biztalk.general) Re: prevent infinite loop in orchestration using bts.operation in ... we don't have an "not exists" predicate to use in filters. ... using direct bound ports are a nice and beautiful ... So by NOT USING a direct bound port on the ... Private blog: http://blog.eliasen.dk ... (microsoft.public.biztalk.general)