Re: How to close ports and which ones

From: Jeff Cochran (jcochran.nospam_at_naplesgov.com)
Date: 03/18/04


Date: Thu, 18 Mar 2004 20:35:42 GMT

On Thu, 18 Mar 2004 06:24:15 -0800, "Richard"
<anonymous@discussions.microsoft.com> wrote:

>My ISP has performed a port scan and asked me to close as
>many ports as possible. How do I do this and which ones?

In your firewall, close all ports, then open only what you need.

>I know 135 is used to map network drives and 80 is my web
>server.

You don't need 135 open to the internet. And shouldn't have it. If
you run a web server you'll need TCP 80, DNS would need UDP 53 and TCP
53, FTP is TCP 20 and 21.

>The report follows:
>53/tcp (domain)
>80/tcp (www)
> - A web server is running on this port
> - This web server was fingerprinted as MS IIS 5.0 on Win2000 SP4 or 5.1 on WinXP SP1
>   which is consistent with the displayed banner: Microsoft-IIS/5.0
> - The remote web server type is :
>
>   Microsoft-IIS/5.0
>
> Solution : You can use urlscan to change reported server for IIS.

Yep, though of very little use to hide the type of server, you should
have URLScan installed for other attacks. Use the IIS Lockdown tool
and follow the rest of the lockdown process found at:

http://www.microsoft.com/technet/security/prodtech/iis/default.mspx

Jeff
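
The "close all ports, then open only what you need" approach from the reply above, as an added example that is not part of the original post: it parses scan-report lines in the `port/proto (service)` form shown in the thread and lists every exposed port that is not on an allowlist. The allowlist assumes the host runs all the services named in the reply, and the sample report is constructed.

```python
import re

# Allowlist built from the services named in the reply (assumption: this host
# really runs web, DNS and FTP; delete the entries for services it does not run).
ALLOWED = {
    ("tcp", 80): "web server",
    ("tcp", 53): "DNS",
    ("udp", 53): "DNS",
    ("tcp", 20): "FTP data",
    ("tcp", 21): "FTP control",
}

# Matches lines such as "53/tcp (domain)", with or without a leading ">" quote mark.
PORT_LINE = re.compile(r"^\s*>?\s*(\d{1,5})/(tcp|udp)\b(?:\s*\(([^)]*)\))?", re.I)

def parse_report(text):
    """Return {(proto, port): service_name} for every port line in the report."""
    found = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if not m:
            continue  # fingerprint notes, banners and blank lines are skipped
        port = int(m.group(1))
        if 0 < port <= 65535:
            found[(m.group(2).lower(), port)] = m.group(3) or "unknown"
    return found

def audit(text, allowed=ALLOWED):
    """Split exposed ports into (keep, close) under a default-deny policy."""
    exposed = parse_report(text)
    keep = sorted(k for k in exposed if k in allowed)
    close = sorted(k for k in exposed if k not in allowed)
    return keep, close

# Constructed sample report (not the ISP's actual output).
SAMPLE = """\
>53/tcp (domain)
>80/tcp (www)
> - A web server is running on this port
>135/tcp (epmap)
>445/tcp (microsoft-ds)
>1434/udp
"""

if __name__ == "__main__":
    keep, close = audit(SAMPLE)
    for proto, port in close:
        print(f"not on allowlist, block at the firewall: {port}/{proto}")
```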


