Security Basics mailing list archives
RE: Windows 2000 server ports, services to close.
From: "Depp, Dennis M." <deppdm () ornl gov>
Date: Thu, 14 Oct 2004 06:56:29 -0400
Brent, Ports 135,139 and 445 are used by Microsoft networking. You probably want to keep these on. 1433 is used by MS SQL Server again you probably want to keep this on. I am assuming this is a Compaq box and is running the Compaq diagnostic service. If you are not using this service, you can turn it off and this will clos port 2301. 3052 is used by your powerChute software. 3389 is usd to create a remote desktop to this machine. If you do not manage this machine remotely, you can turn off this service. 6101 and 6103 are used by BackupExec. Are you backing up this machine over the network? If you you want to leave these open. 1025,1026 and 3372 I am not sure about. Since you are running Windows 2000, you might want to look at fport from www.foundstone.com. If you run this on the Windows machine, you will be able to see what programs are listening on which ports. This will help you track down these remaining three ports. Dennis
-----Original Message----- From: Brent Clark [mailto:bclark () rocketseed us] Sent: Wednesday, October 13, 2004 3:17 AM To: security-basics () securityfocus com Subject: Windows 2000 server ports, services to close. Hi all Could someone please advise me on how and what ports do I have to shutdown for a Microsoft Wintendo 2000 server. If anyone has a link, URL, doc, etc to advise me, it would be soo apprecaited On my linux box I run and port scan and these are what I found (Quite scary actually, im soo glad that into Linux) ============================================================== ============== ================= Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-10-13 09:12 SAST Initiating SYN Stealth Scan against ctsql (192.168.111.123) [1660 ports] at 09:12 Discovered open port 3389/tcp on 192.168.111.123 Discovered open port 6103/tcp on 192.168.111.123 Discovered open port 3052/tcp on 192.168.111.123 Discovered open port 135/tcp on 192.168.111.123 Discovered open port 445/tcp on 192.168.111.123 Discovered open port 6101/tcp on 192.168.111.123 Discovered open port 1433/tcp on 192.168.111.123 Discovered open port 139/tcp on 192.168.111.123 Discovered open port 3372/tcp on 192.168.111.123 Discovered open port 2301/tcp on 192.168.111.123 Discovered open port 1026/tcp on 192.168.111.123 Discovered open port 1025/tcp on 192.168.111.123 The SYN Stealth Scan took 1.59s to scan 1660 total ports. For OSScan assuming that port 135 is open and port 1 is closed and neither are firewalled Host ctsql (192.168.111.123) appears to be up ... good. Interesting ports on ctsql (192.168.111.123): (The 1648 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 1025/tcp open NFS-or-IIS 1026/tcp open LSA-or-nterm 1433/tcp open ms-sql-s 2301/tcp open compaqdiag 3052/tcp open PowerChute 3372/tcp open msdtc 3389/tcp open ms-term-serv 6101/tcp open VeritasBackupExec 6103/tcp open RETS-or-BackupExec MAC Address: 00:0F:20:98:2B:8B (Hewlett Packard) Device type: general purpose Running: Microsoft Windows 95/98/ME|NT/2K/XP OS details: Microsoft Windows Millennium Edition (Me), Windows 2000 Professional or Advanced Server, or Windows XP TCP Sequence Prediction: Class=random positive increments Difficulty=9327 (Worthy challenge) IPID Sequence Generation: Busy server or unknown class Nmap run completed -- 1 IP address (1 host up) scanned in 3.449 seconds ============================================================== ============== =============== Kind Regards and thanks in advance Brent Clark
Current thread:
- Re: Windows 2000 server ports, services to close. Pablo Hauser (Oct 13)
- <Possible follow-ups>
- Windows 2000 server ports, services to close. Brent Clark (Oct 13)
- Re: Windows 2000 server ports, services to close. Ansgar -59cobalt- Wiechers (Oct 14)
- Re: Windows 2000 server ports, services to close. VHP3 (Oct 14)
- RE: Windows 2000 server ports, services to close. Robert Hines (Oct 14)
- Re: Windows 2000 server ports, services to close. Don Parker (Oct 14)
- Re: Windows 2000 server ports, services to close. Ansgar -59cobalt- Wiechers (Oct 15)
- RE: Windows 2000 server ports, services to close. Depp, Dennis M. (Oct 14)
- Re: Windows 2000 server ports, services to close. H Carvey (Oct 14)
- RE: Windows 2000 server ports, services to close. Bénoni MARTIN (Oct 14)
- Re: Re: Windows 2000 server ports, services to close. Pablo Hauser (Oct 14)
- RE: Windows 2000 server ports, services to close. Bénoni MARTIN (Oct 14)