RE: Windows 2000 server ports, services to close.

[Bénoni MARTIN <Benoni.MARTIN () libertis ga>]

NSA released quite a good bunch of PDF articles relating to Win 2K, you can search thrm on http://www.nsa.gov/search/

HTH !



-----Message d'origine-----
De : Pablo Hauser [mailto:pablohauser () yahoo com ar] 
Envoyé : mercredi 13 octobre 2004 18:32
À : Brent Clark; security-basics () securityfocus com
Objet : Re: Windows 2000 server ports, services to close.

It depends on which services will you provide, tell us some more... But maybe you should close immediatly TCP135, 139 
and 445...



Brent Clark <bclark () rocketseed us> wrote: Hi all

Could someone please advise me on how and what ports do I have to shutdown for a Microsoft Wintendo 2000 server.
If anyone has a link, URL, doc, etc to advise me, it would be soo apprecaited

On my linux box I run and port scan and these are what I found (Quite scary actually, im soo glad that into Linux)

============================================================================
=================
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-10-13 09:12 SAST Initiating SYN Stealth Scan against ctsql
(192.168.111.123) [1660 ports] at
09:12
Discovered open port 3389/tcp on 192.168.111.123 Discovered open port 6103/tcp on 192.168.111.123 Discovered open port 
3052/tcp on 192.168.111.123 Discovered open port 135/tcp on 192.168.111.123 Discovered open port 445/tcp on 
192.168.111.123 Discovered open port 6101/tcp on 192.168.111.123 Discovered open port 1433/tcp on 192.168.111.123 
Discovered open port 139/tcp on 192.168.111.123 Discovered open port 3372/tcp on 192.168.111.123 Discovered open port 
2301/tcp on 192.168.111.123 Discovered open port 1026/tcp on 192.168.111.123 Discovered open port 1025/tcp on 
192.168.111.123 The SYN Stealth Scan took 1.59s to scan 1660 total ports.
For OSScan assuming that port 135 is open and port 1 is closed and neither are firewalled Host ctsql (192.168.111.123) 
appears to be up ...
good.
Interesting ports on ctsql (192.168.111.123):
(The 1648 ports scanned but not shown below are in
state: closed)
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1433/tcp open ms-sql-s
2301/tcp open compaqdiag
3052/tcp open PowerChute
3372/tcp open msdtc
3389/tcp open ms-term-serv
6101/tcp open VeritasBackupExec
6103/tcp open RETS-or-BackupExec
MAC Address: 00:0F:20:98:2B:8B (Hewlett Packard) Device type: general purpose
Running: Microsoft Windows 95/98/ME|NT/2K/XP OS details: Microsoft Windows Millennium Edition (Me), Windows 2000 
Professional or Advanced Server, or Windows XP TCP Sequence Prediction: Class=random positive increments
Difficulty=9327 (Worthy challenge)
IPID Sequence Generation: Busy server or unknown class

Nmap run completed -- 1 IP address (1 host up) scanned in 3.449 seconds


============================================================================
===============

Kind Regards and thanks in advance
Brent Clark




Pablo D. Hauser

---------------------------------
Ahora podés usar Yahoo! Messenger en tu Unifón, en cualquier momento y lugar.
Encontrá más información aquí.


=====
Pablo D. Hauser

Correo Yahoo! - 6 MB, tecnología antispam ¡gratis! 
 Suscribite ya http://correo.yahoo.com.ar/