Re: Windows 2000 server ports, services to close.

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2004-10-13 Brent Clark wrote:
> Could someone please advise me on how and what ports do I have to
> shutdown for a Microsoft Wintendo 2000 server.

Advice depends on what you need the server to do.

> If anyone has a link, URL, doc, etc to advise me, it would be soo
> apprecaited

Information on Windows services can be found here [1].

> On my linux box I run and port scan and these are what I found (Quite
> scary actually, im soo glad that into Linux)

Why? If your server is not supposed to provide services then why do you
have a server anyway?

[...]
> PORT     STATE SERVICE
> 135/tcp  open  msrpc

RPC portmapper

> 139/tcp  open  netbios-ssn

NetBIOS session service

> 445/tcp  open  microsoft-ds

DirectSMB

> 1025/tcp open  NFS-or-IIS

Probably the task scheduler.

> 1026/tcp open  LSA-or-nterm

Another service mapped by msrpc, maybe MS messenger, maybe something
else.

> 1433/tcp open  ms-sql-s

MS-SQL server

> 2301/tcp open  compaqdiag
> 3052/tcp open  PowerChute

Don't know. According to the port registrations these may be opened by
diagnostics- and UPS control-software. Or something else. Maybe TCPView
[2] and Process Explorer [3] will help to find out.

> 3372/tcp open  msdtc

Distributed Transaction Coordinator

> 3389/tcp open  ms-term-serv

Terminal Services

> 6101/tcp open  VeritasBackupExec
> 6103/tcp open  RETS-or-BackupExec

Do you run a copy of BackupExec?

[1] http://www.microsoft.com/windows2000/techinfo/howitworks/management/w2kservices.asp
[2] http://www.sysinternals.com/ntw2k/source/tcpview.shtml
[3] http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

Regards
Ansgar Wiechers
-- 
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin