Firewall Wizards mailing list archives
Ingress/Egress Filtering for MS-Win Boxen/Networks
From: jseymour () LinxNet com (Jim Seymour)
Date: Sat, 22 Nov 2003 11:28:46 -0500 (EST)
Hi Wizards,

Being as I run proxy firewalls at work and tightly control the LAN at home, I haven't had to much worry about this--until now.

As it happens: I stumbled into a small consulting gig that involves setting up an Internet connection for a small business that's using all MS-Win boxes. Amongst other things: I would like to put packet filtering into their NAT router as one security measure.

The problem is: Google'ing on the subject, and compiling the results, leaves many questions. Here's what I have so far:

Port Blocking: Ingress

    Port   Proto  Dir  Explanation
    135    ?      dst  NetBIOS
    136    ?      ?    ?
    137    TCP    src  NetBIOS
    137    UDP    src  NetBIOS
    137    UDP    dst  NetBIOS
    138    UDP    dst  NetBIOS
    139    TCP    dst  NetBIOS
    443    ?      ?    CIFS?
    445    TCP    dst  MS-DS
    1433   TCP    ?    MS-SQL
    1434   UDP    ?    MS-SQL
    1900   UDP    ?    MS-DS/UPnP
    3389   ?      ?    Terminal Services
    5000   ?      ?    XP Universal PnP
    27374  TCP    ?    SubSeven

Port Blocking: Egress

    Port   Proto  Dir  Explanation
    135    ?      ?    NetBIOS
    136    ?      ?    ?
    137    UDP    src  NetBIOS
    137    TCP    dst  NetBIOS
    137    UDP    dst  NetBIOS
    138    UDP    src  NetBIOS
    138    TCP    dst  NetBIOS
    138    UDP    dst  NetBIOS
    139    UDP    src  NetBIOS
    139    TCP    dst  NetBIOS
    139    UDP    dst  NetBIOS
    445    TCP    dst  MS-DS
    1900   UDP    ?    MS-DS/UPnP
    27374  TCP    ?    SubSeven

The "?"s indicate that I don't know the answer.

The other question is: Some of these ports appear to need blocking on both source *and* destination port, UDP *and* TCP. (E.g.: Port 137.) Or not? I question some of the information sources. For performance reasons, I'd prefer not to add unnecessary filters.

(Yes, I'm aware that, the router being a NAT router, maybe the ingress filters aren't strictly necessary. I like to play it safe, tho.)

ISTM it would be Really Handy if somewhere there was a single, consolidated list like the above.

Thanks,
Jim
--
Jim Seymour                  | PGP Public Key available at:
jseymour () LinxNet com      | http://www.uk.pgp.net/pgpnet/pks-commands.html
http://jimsun.LinxNet.com    |
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
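
Added example, not part of Jim Seymour's post: a small Python model of a stateless, first-match port filter loaded with the ingress rows from the table above. It shows which packets the fully specified rows drop, that rows still carrying a "?" filter nothing until they are resolved, and which rules a traffic sample never exercises; the sample packets and all function names are constructed for illustration.

```python
from collections import namedtuple

# Ingress rows copied from the post as "port proto dir"; "?" = left open by the poster.
INGRESS = """135 ? dst|136 ? ?|137 TCP src|137 UDP src|137 UDP dst|138 UDP dst|
139 TCP dst|443 ? ?|445 TCP dst|1433 TCP ?|1434 UDP ?|1900 UDP ?|3389 ? ?|
5000 ? ?|27374 TCP ?"""

Packet = namedtuple("Packet", "proto sport dport")

def load(table):
    """Split rows into usable drop rules and rows that still contain a '?'."""
    rules, unresolved = [], []
    for row in table.replace("\n", "").split("|"):
        port, proto, direction = row.split()
        target = unresolved if "?" in (proto, direction) else rules
        target.append((int(port), proto, direction))
    return rules, unresolved

def first_match(rules, pkt):
    """Return the first drop rule matching pkt, or None if the packet passes."""
    for port, proto, direction in rules:
        checked = pkt.sport if direction == "src" else pkt.dport
        if proto == pkt.proto and checked == port:
            return (port, proto, direction)
    return None

def unused(rules, packets):
    """Rules that are never the first match for the given traffic sample."""
    hit = {first_match(rules, p) for p in packets}
    return [r for r in rules if r not in hit]

# Constructed sample packets (hypothetical traffic arriving at the outside interface).
SAMPLE = [
    Packet("UDP", 137, 137),     # name-service datagram using 137 on both ends
    Packet("UDP", 1025, 137),    # query sent from an ephemeral source port
    Packet("UDP", 138, 138),     # datagram-service packet
    Packet("TCP", 40000, 139),   # session-service connection attempt
    Packet("TCP", 40000, 445),   # MS-DS connection attempt
    Packet("TCP", 40000, 3389),  # port whose row is still "? ?" in the table
]

if __name__ == "__main__":
    rules, unresolved = load(INGRESS)
    for p in SAMPLE:
        print(p, "->", first_match(rules, p) or "PASS")
    print("unresolved rows:", unresolved)
    print("never hit by sample:", unused(rules, SAMPLE))
```

Running the same check against a capture from the actual site, rather than the constructed sample, is what tells you which source-port rules are redundant there.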
Current thread:
- Ingress/Egress Filtering for MS-Win Boxen/Networks Jim Seymour (Nov 23)