Security Basics mailing list archives
RE: Securing a Win2k DNS server outside firewall...
From: "Bermingham, Bob" <Bob.Bermingham () idc-mcs com>
Date: Fri, 6 Jun 2003 10:43:17 -0700
I'm pretty sure that if you unbind File and Print sharing and client for Microsoft Networks from the network adapter, it will stop responding to RPC requests. If you're only using the boxes for DNS, it shouldn't cause any problems.

-----Original Message-----
From: VNV Jeep [mailto:vnvjeep () hotmail com]
Sent: Friday, June 06, 2003 10:05 AM
To: security-basics () securityfocus com
Subject: Securing a Win2k DNS server outside firewall...

Hi All...

I have 2 Windows 2000 DNS servers sitting on the outside of our firewall. They're vanilla installs of Win2k server, both running as member servers, locked down as much as possible, running a primary & secondary DNS configuration.

When running a port scan against these servers, one of the only things that tends to worry me is that they both answer to port 135 RPC. I've tried to figure out a way to prevent that port from being available, but all I could find as far as answers go is that I'd need to run a firewall to block it. I did try running a small firewall on the servers, but ran into issues since DNS tends to use a myriad of dynamic ports when answering queries...

Does anyone have any good ideas on how to lock down a Win2k server like this so that the only thing available as far as services go is DNS, and the replication thereof?

Thanks in advance for your advice...

Take care,
Mike