RE: Strange open ports on windows machines

[Ben Nagy <bnagy () cpms com au>]

Disable the Server, Workstation and all RPC services, and reboot. >;)

Alternatively, if you don't want to rebuild your NT box, you can disable all
ports with the (very ugly) filtering feature which comes with NT (look in
the network control panel somewhere...TCP->Properties->Advanced or
something?). This means that you have to selectively enable the ports you
want. This is fine for some boxes (WWW servers, mailservers etc) but sucks
for boxes like firewalls where there are thousands of ports that may need to
be opened.

Alternatively again, if you want a _good_ solution, disable the Server and
Workstation services if you can get away with it (you can for most
firewalls) and filter external access to the RPC endpoint mapper (port 135)
from the outside world with some device or other. Gosh...that filtering you
from danger...almost like...a wall...protecting you...from fire...or
something...

Cheers,

--
Ben Nagy
Network Consultant, CPM&S Group of Companies
PGP Key ID: 0x1A86E304  Mobile: +61 414 411 520  

> -----Original Message-----
> From: Kaptain [mailto:kaptain () kaptain com]
> Sent: Tuesday, 26 October 1999 3:15 AM
> To: Michael H. Warfield
> Cc: Christoph Schneeberger; firewall-wizards () nfr net
> Subject: Re: Strange open ports on windows machines
>
>
> <snip>
> >     Even without BO there, with ports 135-139 tcp and udp open to
> > access you have all the security of a tissue in a hurricane.
> >
> > > Cheers,
> > > Christoph Schneeberger
> > > SCS Telemedia
> >
> >     Mike
> </snip>
>
>
> How can you disable the public accessibility of the 135-139 
> windows ports?
>
> -K