server Open ports

  • server Open ports

    My server running Win2003 connects to the internet with an Invalid IP 24 hours a day. Open ports on my server are:

    135 [ epmap => DCE endpoint resolution ]
    53 [ Domain => Domain Name Server ]
    139 [ Netbios-ssn => NETBIOS Session Service ]
    389 [ LDAP => Light Directory Access Protocol ]
    445 [ Microsoft-Ds ]

    Is my server safe with these open ports or should I close some of them?
    My server uses Firewall.

  • #2
    Re: server Open ports

    Those ports to the internet?

    Don't do it!!!

    Port 53 can be OK, for DNS lookup; the rest, close it!!

    also see this for example
    http://www.cert.org/current/services_ports.html
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: server Open ports

      Dumber!
      Thanks for your reply,
      but the problem is that this server acts as DC, file server, and also ISA (weird, yes!!!).
      I cannot add another server. The only thing that is possible is to tighten the OS. I am waiting for your comments. And one more thing: how can I close those other ports from external network access?



      • #4
        Re: server Open ports

        As dumber says, close them now before you have a spam robot (if you don't already).

        All those ports should be closed; even 53 (DNS) should really be closed to anything other than your ISP's DNS servers. Your local DNS server should have forwarders set up to these specified DNS servers.

        If you have ISA then you already have a software firewall; you can lock down these ports through ISA. I would also hope you are using a hardware firewall, either built in to your router (normal for small ADSL implementations) or a separate dedicated firewall.

        Lock these ports down on here. Just out of interest, where did you get that list of open ports from? Aren't you missing 80, 443, 25 or 110 and possibly 20\21? Or is that a pure incoming list only?

        Note we are talking about blocking these ports from external use not internal, so it doesn't matter if this particular server is a DC or not.

        topper.
        * Shamelessly mentioning "Don't forget to add reputation!"



        • #5
          Re: server Open ports

          To add :

          If that list is incoming only then why have you got DNS on there as well, this shouldn't be needed unless you are hosting your own DNS servers, but by the sounds of it you won't be.

          topper.


          • #6
            Re: server Open ports

            Thanks topper!
            Hope you and others help me to find my answers.
            I set up the LAN 2 months ago.
            It consists of 12 workstations (WinXP SP2) and 1 server (Win03).
            They would like a central file server (with specific permissions) and Internet connectivity for all workstations.
            I use Win03 on the server, with these services:
            1- Active Directory
            2- DNS
            3- File server
            4- ISA
            The open ports which I mentioned are the result of GFI L.N.S.S used from the server to show open ports.
            What is wrong in this strategy? Any comment to do better?



            • #7
              Re: server Open ports

              Yeah, but you still don't know if those ports are internal only, or also external.

              Try running ShieldsUp! first to check this.
              https://www.grc.com/x/ne.dll?bh0bkyd2

              I can't see your network setup, so maybe a drawing might help. Also, I can't see your rulebase, but I recommend not posting that!

              Look at your rulebase and check how you set up ISA.
              Marcel
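Post #7's point, that a scan run on the server itself cannot tell internal-only listeners from externally reachable ones, can be narrowed down from the bind addresses in `netstat -an`. This is an added example, not part of any post in the thread; the netstat lines, the addresses 192.168.0.1 and 203.0.113.10, and the helper `classify` are constructed for illustration.

```python
import ipaddress

# Ports reported by the scan in the first post.
WATCHED = {53: "DNS", 135: "epmap", 139: "NetBIOS-ssn", 389: "LDAP", 445: "Microsoft-DS"}

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
# Assumption: 192.168.0.1 is the LAN interface, 203.0.113.10 the external one.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.0.1:53         0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.1:3389       0.0.0.0:0              LISTENING
  TCP    192.168.0.1:1045       192.168.0.12:445       ESTABLISHED
"""

def classify(netstat_text, external_ip):
    """Map each watched listening TCP port to 'external-facing' or 'internal-only'.

    A listener bound to the wildcard address or to the external interface
    accepts connections arriving on that interface, so only the firewall
    rule base keeps it off the Internet.
    """
    ext = ipaddress.ip_address(external_ip)
    result = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, UDP, or an established connection
        addr, _, port = fields[1].rpartition(":")
        port = int(port)
        if port not in WATCHED:
            continue
        ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
        exposed = ip.is_unspecified or ip == ext
        # One external-facing binding is enough to mark the whole port.
        if exposed or port not in result:
            result[port] = "external-facing" if exposed else "internal-only"
    return result

if __name__ == "__main__":
    for port, state in sorted(classify(SAMPLE, "203.0.113.10").items()):
        print(f"{port:>5} {WATCHED[port]:<12} {state}")
```

A port marked external-facing is kept off the Internet only by the ISA rule base, so an outside check such as the ShieldsUp test mentioned above is still needed to confirm what is actually reachable.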


              • #8
                Re: server Open ports

                OK. I will summarize it for you:
                1- Allow access From: Local & Intranet To: Local & Intranet
                2- Allow access From: Local & Intranet To: External



                • #9
                  Re: server Open ports

                  Please create a drawing of your network setup.
                  it really helps.
                  Marcel


                  • #10
                    Re: server Open ports

                    Dumber, with special thanks.
                    I used your preferred website. It did not find any open ports of my server.
                    It only found open ports of my ISP. When I tested it for NetBIOS it told me that your server security is tight, and when I tried open ports it found 2 open ports of my ISP and 6 ports in stealth mode. I do not know whether I can put the summary here or not? I do not know which details you asked me to tell you?



                    • #11
                      Re: server Open ports

                      Originally posted by S2002
                      OK. I will summarize it for you:
                      1- Allow access From: Local & Intranet To: Local & Intranet
                      2- Allow access From: Local & Intranet To: External
                      OK,

                      do I understand the following correctly:
                      <LAN>----<ISASERVER (Local)> ------<EXTERNAL>

                      If so:

                      1) What does the ISA server do, besides ISA? Is it DC? Is it DNS? What other functions does it have?

                      2) What do you allow?
                      Marcel


                      • #12
                        Re: server Open ports

                        <LAN>----<ISASERVER (Local)> ------<EXTERNAL>

                        Its rules are DC, DNS.
                        I use these 2 rules:
                        1- "LAN users: Allow to access Local and vice versa"
                        to enable users to authenticate to the domain, because Local's (the ISA server's) main role is Domain Controller and DNS server.
                        2- "LAN users & Local: Allow to access External"
                        to enable users to access the internet.



                        • #13
                          Re: server Open ports

                          Which protocols?
                          Marcel


                          • #14
                            Re: server Open ports

                            Internal (LAN) --> Internet: HTTP, HTTPS, FTP for users' internet access.
                            Internal (LAN) --> Local (Server): Simple File Sharing
