Security Basics mailing list archives
Securing a Win2k DNS server outside firewall...
From: "VNV Jeep" <vnvjeep () hotmail com>
Date: Fri, 06 Jun 2003 13:05:00 -0400
Hi All...I have 2 Windows 2000 DNS servers sitting on the outside of our firewall. They're vanilla installs of Win2k server, both running as member servers, locked down as much as possible, running a primary & secondary DNS configuration. When running a port scan against these servers, one of the only things that tends to worry me is that they both answer to port 135 RPC. I've tried to figure out a way to prevent that port from being available, but all I could find as far as answers go is that I'd need to run a firewall to block it. I did try running a small firewall on the servers, but ran into issues since DNS tends to use a myriad of dynamic ports when answering queries... Does anyone have any good ideas on how to lock down a Win2k server like this so that the only thing available as far as services go is DNS, and the replication thereof?
Thanks in advance for your advice... Take care, Mike _________________________________________________________________MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Securing a Win2k DNS server outside firewall... VNV Jeep (Jun 06)
- RE: Securing a Win2k DNS server outside firewall... David Gillett (Jun 06)
- RE: Securing a Win2k DNS server outside firewall... Richard Parry (Jun 06)
- Re: Securing a Win2k DNS server outside firewall... beartman (Jun 06)
- RE: Securing a Win2k DNS server outside firewall... dave (Jun 06)
- <Possible follow-ups>
- RE: Securing a Win2k DNS server outside firewall... Bermingham, Bob (Jun 06)
- RE: Securing a Win2k DNS server outside firewall... VNV Jeep (Jun 06)
- RE: Securing a Win2k DNS server outside firewall... Manuel Fernandes (Jun 09)
- RE: Securing a Win2k DNS server outside firewall... Minneker, Andrew L. (Jun 06)
- RE: Securing a Win2k DNS server outside firewall... Pascal Rossillon (Jun 06)
- RE: Securing a Win2k DNS server outside firewall... VNV Jeep (Jun 06)
(Thread continues...)