Security Basics mailing list archives

Re: Securing a Win2k DNS server outside firewall...


From: beartman () thoughtworks com
Date: Fri, 6 Jun 2003 14:47:41 -0500

If it's a Win2K box....

In the Network properties of the NIC, double click TCP/IP, then click advanced.

Under the WINS tab, select the Disable NetBIOS over TCP/IP.  That should do the trick.




"VNV Jeep" <vnvjeep () hotmail com> 
06/06/2003 12:05 PM

To: security-basics () securityfocus com
Subject: Securing a Win2k DNS server outside firewall...






Hi All...

I have 2 Windows 2000 DNS servers sitting on the outside of our firewall.
They're vanilla installs of Win2k server, both running as member servers,
locked down as much as possible, running a primary & secondary DNS
configuration.  When running a port scan against these servers, one of the
only things that tends to worry me is that they both answer to port 135 RPC.
I've tried to figure out a way to prevent that port from being available,
but all I could find as far as answers go is that I'd need to run a firewall
to block it.  I did try running a small firewall on the servers, but ran
into issues since DNS tends to use a myriad of dynamic ports when answering
queries... Does anyone have any good ideas on how to lock down a Win2k
server like this so that the only thing available as far as services go is
DNS, and the replication thereof?

Thanks in advance for your advice...

Take care,
Mike
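
One way to check what a server like this still exposes after a configuration change, as an added example that is not part of the original thread: it parses `netstat -an` output and lists listening sockets other than DNS on port 53. The sample output, the allowlist and the 1025 dynamic-port floor are assumptions made for the example.

```python
import re

# Assumption: only DNS queries and zone transfers should be reachable.
ALLOWED = {("TCP", 53), ("UDP", 53)}
EPHEMERAL_FLOOR = 1025  # assumed start of the dynamic port range; adjust to the host

# Matches data rows of Windows `netstat -an`; UDP rows carry no State column.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

# Constructed sample output, not taken from the poster's servers.
SAMPLE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:53          198.51.100.7:3321      ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.0.2.10:53          *:*
  UDP    0.0.0.0:1027           *:*
  UDP    127.0.0.1:1030         *:*
"""

def listeners(netstat_text):
    """Return sorted unique (proto, local_addr, port) for sockets accepting traffic."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, blank lines
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        found.add((proto, addr, int(port)))
    return sorted(found)

def audit(netstat_text):
    """Split non-DNS, non-loopback listeners into (unexpected, dynamic_udp)."""
    unexpected, dynamic = [], []
    for proto, addr, port in listeners(netstat_text):
        if addr.startswith("127.") or (proto, port) in ALLOWED:
            continue
        # High UDP ports are usually the resolver's own source sockets.
        bucket = dynamic if proto == "UDP" and port >= EPHEMERAL_FLOOR else unexpected
        bucket.append((proto, addr, port))
    return unexpected, dynamic

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it against saved `netstat -an` output from before and after each change to confirm which listeners actually went away.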


