Permit/Block Ports

Posted on 2009-05-11
Medium Priority
Last Modified: 2013-12-04

I need to make sure that I have not opened extra ports that need to be blocked or there are ports that need to be opened in order for my domain controllers to function properly and securely.
I ran the command NBTSTAT -a and got the following output.

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    MyDomainController1:domain    MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:kerberos  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:epmap     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:microsoft-ds  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:kpasswd   MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:http-rpc-epmap  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ldaps     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1026      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1027      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1259      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:msft-gc   MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:msft-gc-ssl  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ms-wbt-server  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:5950      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:50000     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:51000     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:netbios-ssn  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1370  ESTABLISHED
  TCP    MyDomainController1:1370      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:1372      MyDomainController1.MyDomain.com:50000  ESTABLISHED
  TCP    MyDomainController1:1483      MyDomainController1.MyDomain.com:50000  ESTABLISHED
  TCP    MyDomainController1:1634      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1671      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1795      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1800      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1802      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1977      MyDomainController2.MyDomain.com:1025  ESTABLISHED
  TCP    MyDomainController1:2018      MyDomainController2.MyDomain.com:1025  TIME_WAIT
  TCP    MyDomainController1:2031      MyDomainController2.MyDomain.com:1025  TIME_WAIT
  TCP    MyDomainController1:2034      MyDomainController2.MyDomain.com:1025  ESTABLISHED
  TCP    MyDomainController1:ms-wbt-server  WS-ATOUATI:2004        ESTABLISHED
  TCP    MyDomainController1:7628      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:7628      MyDomainController1.MyDomain.com:2035  TIME_WAIT
  TCP    MyDomainController1:50000     MyDomainController1.MyDomain.com:1372  ESTABLISHED
  TCP    MyDomainController1:50000     MyDomainController1.MyDomain.com:1483  ESTABLISHED
  TCP    MyDomainController1:50000     MyDomainController2.MyDomain.com:1588  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1032  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1033  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:activesync  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1257  ESTABLISHED
  TCP    MyDomainController1:1032      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:1033      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:activesync  MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:1054      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1257      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:2032      MyDomainController1.MyDomain.com:microsoft-ds  TIME_WAIT
  UDP    MyDomainController1:microsoft-ds  *:*                    
  UDP    MyDomainController1:isakmp    *:*                    
  UDP    MyDomainController1:1029      *:*                    
  UDP    MyDomainController1:1036      *:*                    
  UDP    MyDomainController1:1037      *:*                    
  UDP    MyDomainController1:1038      *:*                    
  UDP    MyDomainController1:1041      *:*                    
  UDP    MyDomainController1:1042      *:*                    
  UDP    MyDomainController1:1045      *:*                    
  UDP    MyDomainController1:ipsec-msft  *:*                    
  UDP    MyDomainController1:domain    *:*                    
  UDP    MyDomainController1:kerberos  *:*                    
  UDP    MyDomainController1:ntp       *:*                    
  UDP    MyDomainController1:netbios-ns  *:*                    
  UDP    MyDomainController1:netbios-dgm  *:*                    
  UDP    MyDomainController1:389       *:*                    
  UDP    MyDomainController1:kpasswd   *:*                    
  UDP    MyDomainController1:domain    *:*                    
  UDP    MyDomainController1:ntp       *:*                    
  UDP    MyDomainController1:1031      *:*                    
  UDP    MyDomainController1:1035      *:*                    
  UDP    MyDomainController1:1039      *:*                    
  UDP    MyDomainController1:1256      *:*                    
  UDP    MyDomainController1:1377      *:*                    
  UDP    MyDomainController1:1425      *:*                    
  UDP    MyDomainController1:ms-sna-server  *:*                    
  UDP    MyDomainController1:1576      *:*                    
  UDP    MyDomainController1:1633      *:*                    
  UDP    MyDomainController1:1794      *:*                    
  UDP    MyDomainController1:1924      *:*                    
Question by:jskfan

Expert Comment

ID: 24358676
First, to see what ports are open with the PID, use the following command:

netstat -ano

You will need multiple ports for domain controllers, depending on how you have it set up. If you are putting this server behind a firewall, only open up the ports you want open to the internet, like port 80 for HTTP.

If it is in a LAN and not accessible from the internet, disable unnecessary services by running services.msc from the run box. If you don't need IIS, disable it. Disabling unneeded services is one key way to secure your DC.

Make sure you have an AV running and you have the basics covered.

Accepted Solution

astralcomputing earned 2000 total points
ID: 24358682
The nbtstat shows you what active connections you have right now, which, as you can see, can be a lot on a DC. You want to know what ports are open and listening. Use the netstat -ano command.

Question has a verified solution.
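
The check both replies recommend, as an added example that is not part of the original thread: it parses saved `netstat -ano` output, keeps only listening sockets, and reports those outside a port baseline together with the owning PID. The baseline, the dynamic-range bounds, and the function names are assumptions to adapt; the sample input is constructed.

```python
# Assumed baseline: the well-known AD DS ports named in the question's output.
AD_BASELINE = {
    "TCP": {53, 88, 135, 139, 389, 445, 464, 593, 636, 3268, 3269},
    "UDP": {53, 88, 123, 137, 138, 389, 445, 464},
}
# Named services in the question's output that are not AD DS itself.
OTHER_NAMED = {3389: "ms-wbt-server", 500: "isakmp", 4500: "ipsec-msft"}
# Assumption: Server 2003-era dynamic RPC range (2008 and later: 49152-65535).
DYNAMIC_RPC = range(1025, 5001)

# Constructed sample shaped like `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1508
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING       456
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       2040
  TCP    0.0.0.0:50000          0.0.0.0:0              LISTENING       3312
  TCP    10.0.0.5:389           10.0.0.5:1370          ESTABLISHED     456
  UDP    0.0.0.0:123            *:*                                    920
  UDP    0.0.0.0:500            *:*                                    456
"""

def parse_listeners(text):
    """Yield (proto, port, pid) for TCP LISTENING sockets and bound UDP sockets."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header and blank lines
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # established or closing connections are not open services
        port = f[1].rsplit(":", 1)[-1]  # rsplit also copes with [::]:135
        if port.isdigit() and f[-1].isdigit():  # requires the -n and -o switches
            yield f[0], int(port), int(f[-1])

def audit(text):
    """Return sorted (proto, port, pid, verdict) for listeners outside the baseline."""
    findings = set()
    for proto, port, pid in parse_listeners(text):
        if port in AD_BASELINE[proto]:
            continue
        verdict = "review"
        if port in OTHER_NAMED:
            verdict = "non-AD service: " + OTHER_NAMED[port]
        elif proto == "TCP" and port in DYNAMIC_RPC:
            verdict = "dynamic RPC range, confirm owner by PID"
        findings.add((proto, port, pid, verdict))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Each reported PID can be matched to a process or service (for example in Task Manager or with `tasklist /svc`) before deciding whether to disable the service or block the port.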
