Solved

Permit/Block Ports

Posted on 2009-05-11
2
410 Views
Last Modified: 2013-12-04

 Permit/Block Ports
I need to make sure that I have not opened extra ports that need to be blocked or there are ports that need to be opened in order to my domain controllers to function properly and securely.
I ran the command NBTSTAT -a  and got the following output.



Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    MyDomainController1:domain    MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:kerberos  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:epmap     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:microsoft-ds  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:kpasswd   MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:http-rpc-epmap  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ldaps     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1026      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1027      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1259      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:msft-gc   MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:msft-gc-ssl  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ms-wbt-server  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:5950      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:50000     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:51000     MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:netbios-ssn  MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1370  ESTABLISHED
  TCP    MyDomainController1:1370      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:1372      MyDomainController1.MyDomain.com:50000  ESTABLISHED
  TCP    MyDomainController1:1483      MyDomainController1.MyDomain.com:50000  ESTABLISHED
  TCP    MyDomainController1:1634      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1671      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1795      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1800      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1802      MyDomainController1.MyDomain.com:ldap  CLOSE_WAIT
  TCP    MyDomainController1:1977      MyDomainController2.MyDomain.com:1025  ESTABLISHED
  TCP    MyDomainController1:2018      MyDomainController2.MyDomain.com:1025  TIME_WAIT
  TCP    MyDomainController1:2031      MyDomainController2.MyDomain.com:1025  TIME_WAIT
  TCP    MyDomainController1:2034      MyDomainController2.MyDomain.com:1025  ESTABLISHED
  TCP    MyDomainController1:ms-wbt-server  WS-ATOUATI:2004        ESTABLISHED
  TCP    MyDomainController1:7628      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:7628      MyDomainController1.MyDomain.com:2035  TIME_WAIT
  TCP    MyDomainController1:50000     MyDomainController1.MyDomain.com:1372  ESTABLISHED
  TCP    MyDomainController1:50000     MyDomainController1.MyDomain.com:1483  ESTABLISHED
  TCP    MyDomainController1:50000     MyDomainController2.MyDomain.com:1588  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1032  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1033  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:activesync  ESTABLISHED
  TCP    MyDomainController1:ldap      MyDomainController1.MyDomain.com:1257  ESTABLISHED
  TCP    MyDomainController1:1032      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:1033      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:activesync  MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:1054      MyDomainController1.MyDomain.com:0  LISTENING
  TCP    MyDomainController1:1257      MyDomainController1.MyDomain.com:ldap  ESTABLISHED
  TCP    MyDomainController1:2032      MyDomainController1.MyDomain.com:microsoft-ds  TIME_WAIT
  UDP    MyDomainController1:microsoft-ds  *:*                    
  UDP    MyDomainController1:isakmp    *:*                    
  UDP    MyDomainController1:1029      *:*                    
  UDP    MyDomainController1:1036      *:*                    
  UDP    MyDomainController1:1037      *:*                    
  UDP    MyDomainController1:1038      *:*                    
  UDP    MyDomainController1:1041      *:*                    
  UDP    MyDomainController1:1042      *:*                    
  UDP    MyDomainController1:1045      *:*                    
  UDP    MyDomainController1:ipsec-msft  *:*                    
  UDP    MyDomainController1:domain    *:*                    
  UDP    MyDomainController1:kerberos  *:*                    
  UDP    MyDomainController1:ntp       *:*                    
  UDP    MyDomainController1:netbios-ns  *:*                    
  UDP    MyDomainController1:netbios-dgm  *:*                    
  UDP    MyDomainController1:389       *:*                    
  UDP    MyDomainController1:kpasswd   *:*                    
  UDP    MyDomainController1:domain    *:*                    
  UDP    MyDomainController1:ntp       *:*                    
  UDP    MyDomainController1:1031      *:*                    
  UDP    MyDomainController1:1035      *:*                    
  UDP    MyDomainController1:1039      *:*                    
  UDP    MyDomainController1:1256      *:*                    
  UDP    MyDomainController1:1377      *:*                    
  UDP    MyDomainController1:1425      *:*                    
  UDP    MyDomainController1:ms-sna-server  *:*                    
  UDP    MyDomainController1:1576      *:*                    
  UDP    MyDomainController1:1633      *:*                    
  UDP    MyDomainController1:1794      *:*                    
  UDP    MyDomainController1:1924      *:*                    
0
Comment
Question by:jskfan
  • 2
2 Comments
 
LVL 6

Expert Comment

by:astralcomputing
ID: 24358676
first, to see what ports are open with the PID use the following command:

netstat -ano

you will need multiple ports for domain controllers, depending on how you have it setup. if you are putting this server behind a firewall, only open up the ports you want open to the internet, like port 80 for http.

if it is in a lan and not accessible from the internet, disable unnecessary services by running services.msc from the run box. if you don't need IIS, disable it. Disabling unneeded services is one key way to secure your DC.

Make sure you have an AV running and you have the basics covered.
0
 
LVL 6

Accepted Solution

by:
astralcomputing earned 500 total points
ID: 24358682
the nbtstat shows you what active connections you have right now, which, as you can see, can be alot on a DC. You want to know what ports are open and listening. use the netstat -ano command
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now