Solved

Permit/Block Ports

Posted on 2009-05-11
2
415 Views
Last Modified: 2013-12-04

 Permit/Block Ports
I need to make sure that I have not opened extra ports that need to be blocked or there are ports that need to be opened in order to my domain controllers to function properly and securely.
I ran the command NBTSTAT -a  and got the following output.



Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    MyDomainController1:domain    MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:kerberos  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:epmap     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:microsoft-ds  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:kpasswd   MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:http-rpc-epmap  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ldaps     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1026      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1027      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1259      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:msft-gc   MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:msft-gc-ssl  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ms-wbt-server  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:5950      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:50000     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:51000     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:netbios-ssn  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1370  ESTABLISHED
  TCP    MyDomainController1:1370      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:1372      MyDomainController1.MyDomain.com:50000  ESTABLISHED
  TCP    MyDomainController1:1483      MyDomainController1.MyDomain.com:50000  ESTABLISHED
  TCP    MyDomainController1:1634      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1671      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1795      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1800      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1802      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1977      MyDomainController2.MyDomain.com:1025  ESTABLISHED
  TCP    MyDomainController1:2018      MyDomainController2.MyDomain.com:1025  TIME_WAIT
  TCP    MyDomainController1:2031      MyDomainController2.MyDomain.com:1025  TIME_WAIT
  TCP    MyDomainController1:2034      MyDomainController2.MyDomain.com:1025  ESTABLISHED
  TCP    MyDomainController1:ms-wbt-server  WS-ATOUATI:2004        ESTABLISHED
  TCP    MyDomainController1:7628      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:7628      MyDomainController1.MyDomain.com:2035  TIME_WAIT
  TCP    MyDomainController1:50000     MyDomainController1.MyDomain.com:1372  ESTABLISHED
  TCP    MyDomainController1:50000     MyDomainController1.MyDomain.com:1483  ESTABLISHED
  TCP    MyDomainController1:50000     MyDomainController2.MyDomain.com:1588  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1032  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1033  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:activesync  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1257  ESTABLISHED
  TCP    MyDomainController1:1032      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:1033      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:activesync  MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:1054      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1257      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:2032      MyDomainController1.MyDomain.com:microsoft-ds  TIME_WAIT
  UDP    MyDomainController1:microsoft-ds  *:*                    
  UDP    MyDomainController1:isakmp    *:*                    
  UDP    MyDomainController1:1029      *:*                    
  UDP    MyDomainController1:1036      *:*                    
  UDP    MyDomainController1:1037      *:*                    
  UDP    MyDomainController1:1038      *:*                    
  UDP    MyDomainController1:1041      *:*                    
  UDP    MyDomainController1:1042      *:*                    
  UDP    MyDomainController1:1045      *:*                    
  UDP    MyDomainController1:ipsec-msft  *:*                    
  UDP    MyDomainController1:domain    *:*                    
  UDP    MyDomainController1:kerberos  *:*                    
  UDP    MyDomainController1:ntp       *:*                    
  UDP    MyDomainController1:netbios-ns  *:*                    
  UDP    MyDomainController1:netbios-dgm  *:*                    
  UDP    MyDomainController1:389       *:*                    
  UDP    MyDomainController1:kpasswd   *:*                    
  UDP    MyDomainController1:domain    *:*                    
  UDP    MyDomainController1:ntp       *:*                    
  UDP    MyDomainController1:1031      *:*                    
  UDP    MyDomainController1:1035      *:*                    
  UDP    MyDomainController1:1039      *:*                    
  UDP    MyDomainController1:1256      *:*                    
  UDP    MyDomainController1:1377      *:*                    
  UDP    MyDomainController1:1425      *:*                    
  UDP    MyDomainController1:ms-sna-server  *:*                    
  UDP    MyDomainController1:1576      *:*                    
  UDP    MyDomainController1:1633      *:*                    
  UDP    MyDomainController1:1794      *:*                    
  UDP    MyDomainController1:1924      *:*                    
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 6

Expert Comment

by:astralcomputing
ID: 24358676
first, to see what ports are open with the PID use the following command:

netstat -ano

you will need multiple ports for domain controllers, depending on how you have it setup. if you are putting this server behind a firewall, only open up the ports you want open to the internet, like port 80 for http.

if it is in a lan and not accessible from the internet, disable unnecessary services by running services.msc from the run box. if you don't need IIS, disable it. Disabling unneeded services is one key way to secure your DC.

Make sure you have an AV running and you have the basics covered.
0
 
LVL 6

Accepted Solution

by:
astralcomputing earned 500 total points
ID: 24358682
the nbtstat shows you what active connections you have right now, which, as you can see, can be alot on a DC. You want to know what ports are open and listening. use the netstat -ano command
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question