Security Basics mailing list archives

RE: Open ports to establish a one-way trust

From: "Mike" <mike_sha () shaw ca>
Date: Wed, 2 Mar 2005 08:26:34 -0500

These are the ports open on my DC, maybe this can help?

PORT      STATE SERVICE
25/tcp    open  smtp
53/tcp    open  domain
80/tcp    open  http
88/tcp    open  kerberos-sec
110/tcp   open  pop3
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
143/tcp   open  imap
389/tcp   open  ldap
443/tcp   open  https
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
593/tcp   open  http-rpc-epmap
636/tcp   open  ldapssl
691/tcp   open  resvc
993/tcp   open  imaps
995/tcp   open  pop3s
1026/tcp  open  LSA-or-nterm
1029/tcp  open  ms-lsa
1076/tcp  open  sns_credit
1084/tcp  open  ansoft-lm-2
1109/tcp  open  kpop
3052/tcp  open  PowerChute
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
3372/tcp  open  msdtc
6101/tcp  open  VeritasBackupExec
38292/tcp open  landesk-cba

Sincerely,

Mike Fetherston

PS>  Yes, I know.. mail and web on a DC.. bad bad pooh pooh..  budget
constraints dictated this...

-----Original Message-----
From: Ju Ne [mailto:ddjjembe1 () hotmail com]
Sent: Tuesday, March 01, 2005 11:16 AM
To: security-basics () securityfocus com
Subject: Open ports to establish a one-way trust

We have a domain in our WAN that needs an Active Directory
one-way trust established with our domain.  The change has been made

in

Active Directory but we have been unable to test this new trust?  What
ports
need to be opened at the firewall to allow this trust from a firewall
perspective?  Are any of the ports listed below required for this

trust?


TCP 135  - Microsoft RPC
UDP 137 - Netbios-ns
UDP 138 - Netbios-dgm
TCP 139 - Netbios
TCP 42  - WINS, Nameserv
TCP/UDP 389- LDAP
TCP 636 - SLDAP
TCP 3268 - MSFT-GC
TCP 3269 -MSFT-GC-SSL
TCP/UDP 53 -DNS
TCP/UDP 88 - Kerberos, www
TCP 445 - SMB

Thanks,

Djembe

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar - get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

Current thread:

Open ports to establish a one-way trust Ju Ne (Mar 01)
- RE: Open ports to establish a one-way trust dave kleiman (Mar 02)
- <Possible follow-ups>
- Re: Open ports to establish a one-way trust Eric McCarty (Mar 02)
- RE: Open ports to establish a one-way trust Depp, Dennis M. (Mar 02)
- RE: Open ports to establish a one-way trust Mike (Mar 02)