Security Basics mailing list archives
Re: Securing a Win2k DNS server outside firewall...
From: beartman () thoughtworks com
Date: Fri, 6 Jun 2003 14:47:41 -0500
If it's a Win2K box.... In the Network properties of the NIC, double click TCP/IP, then click advanced. Under the WINS tab, select the Disable NetBIOS over TCP/IP. That should do the trick. "VNV Jeep" <vnvjeep () hotmail com> 06/06/2003 12:05 PM To security-basics () securityfocus com cc Subject Securing a Win2k DNS server outside firewall... Hi All... I have 2 Windows 2000 DNS servers sitting on the outside of our firewall. They're vanilla installs of Win2k server, both running as member servers, locked down as much as possible, running a primary & secondary DNS configuration. When running a port scan against these servers, one of the only things that tends to worry me is that they both answer to port 135 RPC. I've tried to figure out a way to prevent that port from being available, but all I could find as far as answers go is that I'd need to run a firewall to block it. I did try running a small firewall on the servers, but ran into issues since DNS tends to use a myriad of dynamic ports when answering queries... Does anyone have any good ideas on how to lock down a Win2k server like this so that the only thing available as far as services go is DNS, and the replication thereof? Thanks in advance for your advice... Take care, Mike _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Securing a Win2k DNS server outside firewall... VNV Jeep (Jun 06)
- RE: Securing a Win2k DNS server outside firewall... David Gillett (Jun 06)
- RE: Securing a Win2k DNS server outside firewall... Richard Parry (Jun 06)
- Re: Securing a Win2k DNS server outside firewall... beartman (Jun 06)
- RE: Securing a Win2k DNS server outside firewall... dave (Jun 06)
- <Possible follow-ups>
- RE: Securing a Win2k DNS server outside firewall... Bermingham, Bob (Jun 06)
- RE: Securing a Win2k DNS server outside firewall... VNV Jeep (Jun 06)
- RE: Securing a Win2k DNS server outside firewall... Manuel Fernandes (Jun 09)
- RE: Securing a Win2k DNS server outside firewall... Minneker, Andrew L. (Jun 06)
- RE: Securing a Win2k DNS server outside firewall... Pascal Rossillon (Jun 06)
- RE: Securing a Win2k DNS server outside firewall... VNV Jeep (Jun 06)
- RE: Securing a Win2k DNS server outside firewall... type_o (Jun 09)