Firewall Wizards mailing list archives

Re: Strange open ports on windows machines


From: Randy.Witlicki () valley net (Randy Witlicki)
Date: 25 Oct 99 15:48:51 EDT

  mhw wrote:
On Mon, Oct 25, 1999 at 10:44:38AM -0700, Kaptain wrote:
<snip>
   Even without BO there, with ports 135-139 tcp and udp open to
access you have all the security of a tissue in a hurricane.

How can you disable the public accessibility of the 135-139 
windows ports?

      One word:  Firewall.

  Actually, a better one in my view: router access lists.
  ACLs work just fine for wholesale blocking of ports.
  
  From one of my Cisco access list configs:
    ...<snip>....
access-list 102 deny   tcp any any eq 135
access-list 102 deny   tcp any any eq 137
access-list 102 deny   tcp any any eq 138
access-list 102 deny   tcp any any eq 139 log
access-list 102 deny   udp any any eq netbios-ns
access-list 102 deny   udp any any eq netbios-dgm
access-list 102 deny   udp any any eq 139
    ...<snip>....
  And from # sh ip acce
  
    permit tcp any any established (1064776 matches)
    ....<snip>...
    deny tcp any any eq 135
    deny tcp any any eq 137
    deny tcp any any eq 138
    deny tcp any any eq 139 log
    deny udp any any eq netbios-ns (1819 matches)
    deny udp any any eq netbios-dgm
    deny udp any any eq 139
    ...<snip>...
    
  (I redid the ACLs recently and it's a low-traffic site, which
 is why the numbers are low; I rarely get to log a port 139 probe.
 I usually just see the udp/135 silliness from Windows PCs that
 would dearly like me to join their Network Neighborhood.)
 
   - Randy
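An added example, not part of Randy's post: a small Python first-match evaluator for the quoted ACL 102 lines, showing which quoted entry a given packet hits and that udp/135 is not caught by any of the quoted denies (it falls through to whatever follows the snip). It assumes the `permit tcp any any established` entry precedes the denies, as the `sh ip access-list` output shows, and that `netbios-ns`/`netbios-dgm` are the usual IOS names for udp/137 and udp/138.

```python
import re
from collections import namedtuple

# IOS keyword names for the NetBIOS UDP ports (assumed standard IOS aliases).
PORT_NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}

# The entries quoted in the post. 'permit ... established' is placed first,
# following the 'sh ip access-list' order; everything after the last deny is
# snipped in the post, so this list is deliberately incomplete.
ACL_102 = """
access-list 102 permit tcp any any established
access-list 102 deny   tcp any any eq 135
access-list 102 deny   tcp any any eq 137
access-list 102 deny   tcp any any eq 138
access-list 102 deny   tcp any any eq 139 log
access-list 102 deny   udp any any eq netbios-ns
access-list 102 deny   udp any any eq netbios-dgm
access-list 102 deny   udp any any eq 139
"""

# dport None = any destination port; established = only ACK/RST segments match
Rule = namedtuple("Rule", "action proto dport established log")

LINE = re.compile(r"access-list 102 (permit|deny)\s+(tcp|udp)\s+any any(.*)$")

def parse_acl(text):
    """Parse the 'any any' subset of ACE syntax used in the quoted config."""
    rules = []
    for raw in text.strip().splitlines():
        m = LINE.match(raw.strip())
        if not m:
            raise ValueError("unsupported ACE: " + raw)
        action, proto, rest = m.groups()
        pm = re.search(r"\beq (\S+)", rest)
        port = (PORT_NAMES.get(pm.group(1)) or int(pm.group(1))) if pm else None
        rules.append(Rule(action, proto, port,
                          bool(re.search(r"\bestablished\b", rest)),
                          bool(re.search(r"\blog\b", rest))))
    return rules

def evaluate(rules, proto, dport, ack_or_rst=False):
    """First match wins, as in IOS. Returns (action, index of matching ACE);
    index None means no quoted line matched and the packet falls through."""
    for i, r in enumerate(rules):
        if r.proto != proto or (r.established and not ack_or_rst):
            continue
        if r.dport is None or r.dport == dport:
            return r.action, i
    return "deny", None   # nothing quoted matched; implicit deny if nothing follows
```

Running `evaluate(parse_acl(ACL_102), "udp", 135)` returns `("deny", None)`, i.e. udp/135 is decided by the snipped remainder of the ACL, not by the quoted lines.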