Solved

Permit/Block Ports

Posted on 2009-05-11
Last Modified: 2013-12-04

I need to make sure that I have not opened extra ports that need to be blocked or there are ports that need to be opened in order for my domain controllers to function properly and securely.
I ran the command NBTSTAT -a and got the following output.



Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    MyDomainController1:domain    MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:kerberos  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:epmap     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:microsoft-ds  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:kpasswd   MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:http-rpc-epmap  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ldaps     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1026      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1027      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1259      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:msft-gc   MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:msft-gc-ssl  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ms-wbt-server  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:5950      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:50000     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:51000     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:netbios-ssn  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1370  ESTABLISHED
  TCP    MyDomainController1:1370      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:1372      MyDomainController1.MyDomain.com:50000  ESTABLISHED
  TCP    MyDomainController1:1483      MyDomainController1.MyDomain.com:50000  ESTABLISHED
  TCP    MyDomainController1:1634      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1671      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1795      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1800      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1802      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1977      MyDomainController2.MyDomain.com:1025  ESTABLISHED
  TCP    MyDomainController1:2018      MyDomainController2.MyDomain.com:1025  TIME_WAIT
  TCP    MyDomainController1:2031      MyDomainController2.MyDomain.com:1025  TIME_WAIT
  TCP    MyDomainController1:2034      MyDomainController2.MyDomain.com:1025  ESTABLISHED
  TCP    MyDomainController1:ms-wbt-server  WS-ATOUATI:2004        ESTABLISHED
  TCP    MyDomainController1:7628      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:7628      MyDomainController1.MyDomain.com:2035  TIME_WAIT
  TCP    MyDomainController1:50000     MyDomainController1.MyDomain.com:1372  ESTABLISHED
  TCP    MyDomainController1:50000     MyDomainController1.MyDomain.com:1483  ESTABLISHED
  TCP    MyDomainController1:50000     MyDomainController2.MyDomain.com:1588  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1032  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1033  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:activesync  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1257  ESTABLISHED
  TCP    MyDomainController1:1032      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:1033      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:activesync  MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:1054      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1257      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:2032      MyDomainController1.MyDomain.com:microsoft-ds  TIME_WAIT
  UDP    MyDomainController1:microsoft-ds  *:*                    
  UDP    MyDomainController1:isakmp    *:*                    
  UDP    MyDomainController1:1029      *:*                    
  UDP    MyDomainController1:1036      *:*                    
  UDP    MyDomainController1:1037      *:*                    
  UDP    MyDomainController1:1038      *:*                    
  UDP    MyDomainController1:1041      *:*                    
  UDP    MyDomainController1:1042      *:*                    
  UDP    MyDomainController1:1045      *:*                    
  UDP    MyDomainController1:ipsec-msft  *:*                    
  UDP    MyDomainController1:domain    *:*                    
  UDP    MyDomainController1:kerberos  *:*                    
  UDP    MyDomainController1:ntp       *:*                    
  UDP    MyDomainController1:netbios-ns  *:*                    
  UDP    MyDomainController1:netbios-dgm  *:*                    
  UDP    MyDomainController1:389       *:*                    
  UDP    MyDomainController1:kpasswd   *:*                    
  UDP    MyDomainController1:domain    *:*                    
  UDP    MyDomainController1:ntp       *:*                    
  UDP    MyDomainController1:1031      *:*                    
  UDP    MyDomainController1:1035      *:*                    
  UDP    MyDomainController1:1039      *:*                    
  UDP    MyDomainController1:1256      *:*                    
  UDP    MyDomainController1:1377      *:*                    
  UDP    MyDomainController1:1425      *:*                    
  UDP    MyDomainController1:ms-sna-server  *:*                    
  UDP    MyDomainController1:1576      *:*                    
  UDP    MyDomainController1:1633      *:*                    
  UDP    MyDomainController1:1794      *:*                    
  UDP    MyDomainController1:1924      *:*                    
Question by:jskfan
2 Comments
 
LVL 6

Expert Comment

by:astralcomputing
ID: 24358676
First, to see what ports are open with the PID, use the following command:

netstat -ano

You will need multiple ports for domain controllers, depending on how you have it set up. If you are putting this server behind a firewall, only open up the ports you want open to the Internet, like port 80 for HTTP.

If it is in a LAN and not accessible from the Internet, disable unnecessary services by running services.msc from the Run box. If you don't need IIS, disable it. Disabling unneeded services is one key way to secure your DC.

Make sure you have an AV running and you have the basics covered.
0
 
LVL 6

Accepted Solution

by:
astralcomputing earned 500 total points
ID: 24358682
The nbtstat shows you what active connections you have right now, which, as you can see, can be a lot on a DC. You want to know what ports are open and listening. Use the netstat -ano command.
0
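
An added example, not part of the original answers: one way to turn `netstat -ano` output into a review list by keeping only sockets that accept traffic and comparing them with a baseline. The baseline sets, the sample output, the addresses and the PIDs are constructed assumptions; adjust the baseline to the roles actually installed on the DC.

```python
import re
from collections import defaultdict

# Assumption: baseline for a DC that also runs DNS (service names as listed in
# the question: domain, kerberos, epmap, netbios-ssn, ldap, microsoft-ds,
# kpasswd, http-rpc-epmap, ldaps, msft-gc, msft-gc-ssl; ntp/netbios on UDP).
EXPECTED_TCP = {53, 88, 135, 139, 389, 445, 464, 593, 636, 3268, 3269}
EXPECTED_UDP = {53, 88, 123, 137, 138, 389, 464}

# Constructed sample of `netstat -ano` output (not taken from the question).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1500
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING       472
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       472
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       2840
  TCP    0.0.0.0:5950           0.0.0.0:0              LISTENING       3112
  TCP    10.0.0.10:389          10.0.0.10:1370         ESTABLISHED     472
  TCP    10.0.0.10:1634         10.0.0.10:389          CLOSE_WAIT      1500
  UDP    0.0.0.0:123            *:*                                    980
  UDP    0.0.0.0:1029           *:*                                    1500
"""

# Proto, local addr:port, foreign address, optional state (absent for UDP), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def listeners(netstat_text):
    """Return {(proto, port): set(pids)} for sockets that accept traffic."""
    found = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers and blank lines
        proto, _addr, port, _foreign, state, pid = m.groups()
        # TCP counts only in LISTENING; UDP has no state, so every bound port counts.
        if proto == "UDP" or state == "LISTENING":
            found[(proto, int(port))].add(int(pid))
    return dict(found)

def unexpected(found):
    """Listeners outside the baseline, sorted, each with its owning PIDs."""
    base = {"TCP": EXPECTED_TCP, "UDP": EXPECTED_UDP}
    return sorted((proto, port, sorted(pids))
                  for (proto, port), pids in found.items() if port not in base[proto])

if __name__ == "__main__":
    for proto, port, pids in unexpected(listeners(SAMPLE)):
        print(f"review {proto}/{port} owned by PID {pids}")
```

A port on the review list is not automatically wrong: map each PID to its process and services (for example with `tasklist /svc`) before deciding whether to disable the service or filter the port.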

Question has a verified solution.