Re: Closing ports

From: cato (antispam_at_zattox.com)
Date: 10/26/03


Date: Sun, 26 Oct 2003 16:09:32 -0500

Hi Curtis,
In XP pro the TCP/IP filtering panel has "Permit All" or "Permit Only"
possibilities. It means practically zero possibility to close a port from
filter control. Maybe a Microsoft Professional has the full info to list all
permitted ports except the ones to be closed :-) Plus it must have some
automated way to fill in the necessary data.

By and large I found in XP the TCP/IP filtering is only for decoration! Why
to advise a totally unusable service? Is there some hidden trick with which
the lack of direct denomination of the unwanted ports can be worked around?
Until than I stay with closing unnecessary services and time by time
security scan ports.
Thanks,
Mike

"Curtis Koenig [MSFT]" <curtisko@online.microsoft.com> wrote in message
news:R9uDCHkmDHA.2624@cpmsftngxa06.phx.gbl...
> I would agree with the statement that ports are used dynamicaly but would
> add that if you want to stop all communication on a port permanently you
> can use the TCP/IP filters that are built in to specify the types of
> traffic you want to allow or not allow.
> --
> Curtis Koenig
> Support Professional
> Microsoft Clustering Technologies Support
>
> Microsoft Certified Systems Engineer
> Microsoft Certified Systems Engineer - Security
>
> This posting is provided "AS IS" with no warranties and confers no rights.
> Please reply to the newsgroup so that others may benefit. Thanks!
>
> --------------------
> >From: "Steven L Umbach" <n9rouz@nscomcast.net>
> >Subject: Re: Closing ports
> >Date: Tue, 21 Oct 2003 16:47:30 GMT
> >
> >Ports are opened and closed by the applications/services that use them.
To
> block
> >access to ports from the internet, use a firewall XP has a very good
built
> in
> >firewall that you can use called ICF. --- Steve
> >
> >http://www.microsoft.com/windowsxp/home/using/howto/homenet/icf.asp
> >http://www.microsoft.com/security/protect/
> >
> >
>



Relevant Pages

  • RE: TCP/IP Filtering problem on W2KAS
    ... The problem is that if you are listing ports that are 'allowed' and you ... don't list every dynamic port used by a client to access the DNS ... "Using IPSec to Lock Down a Server": ... I find using the IPSec filters MUCH more useful then the TCP/IP Filtering. ...
    (Focus-Microsoft)
  • Re: TCP/IP filtering and opening DNS
    ... > I am having some problems with TCP/IP filtering and DNS with my ... > know its something with DNS. ... You also need to open ports above 1024 for outgoing connections. ...
    (microsoft.public.win2000.dns)
  • Re: TCP/IP Filtering Problem
    ... TCP/IP filtering is stateful for TCP but not for UDP. ... The ports you are ...
    (microsoft.public.win2000.security)
  • Re: TCP/IP Filtering works for incomming traffic, but closed my outgoing traffic
    ... eg, you brought up the TCP/IP filtering dialog and did abc, opening xyz ... My problem now is that I cant access the net from that server only ... > to the Enabled ports to be able to access the internet or what should I ...
    (microsoft.public.windows.server.security)
  • Re: keeping only ports 21 and 80 open
    ... depending on how your configuration is in XPE... ... configuration, under TCP/IP, and setup TCP/IP filtering, to permit all, ... permit only on TCP/UDP, and IP ports. ... The only real ports I see a potentail problem with is 13 this is ...
    (microsoft.public.windowsxp.embedded)