Educause Security Discussion mailing list archives
Re: DHS --> Updated MS Advisory
From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 1 Aug 2003 13:11:16 -0400
Barros, Jacob wrote:
DHS and Microsoft further suggest that Internet Service Providers and network administrators consider blocking TCP and UDP ports 135, 139, and 445 for inbound connections unless absolutely needed for business or operational purposes. Can anyone say that they have done this and what are any repercussions you've felt? I might be missing something in my research but is there any traffic on those ports that I might care about? Will this affect OWA?
Hi,

We have blocked the netbios ports (137-139) since around 1996, the 445 netbios port since Windows 2000 was released, and port 135 since last Fall. I think we got away with the netbios block because we did it before it was in wide use and nobody missed it. :) We also blocked 593 a couple weeks ago without repercussions.

We opened holes for port 135 to official exchange servers. Last week we closed all but one of those when the administrators informed me that OWA and IMAP access didn't need it...only MAPI. They haven't called back asking that the holes be opened so I guess they're running fine.

There are other applications that may be affected by a port 135 block. I've got some information on them in the Caveats section at:

http://www.jmu.edu/computing/security/info/winmsg.shtml#block

The best thing to do when you are contemplating blocking a port is to specifically allow it for a while with logging enabled and see what's talking. For example:

    access-list 100 permit tcp any any eq 135 log

If you need to make exceptions, make sure the targets have been patched.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
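Added example, not part of the original message or of any JMU tooling: one way to review what a temporary "permit ... log" entry like the one above records before turning it into a block, by totalling Cisco IOS %SEC-6-IPACCESSLOGP syslog lines per source/destination pair. The sample log lines, the addresses (documentation ranges) and the fan-out threshold used to separate likely sweeps from candidate exceptions are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the Cisco IOS %SEC-6-IPACCESSLOGP format
# (addresses are documentation ranges, not real hosts).
SAMPLE_LOG = """\
Aug  1 13:02:11 gw 1021: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 198.51.100.7(3012) -> 192.0.2.25(135), 1 packet
Aug  1 13:02:40 gw 1022: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 203.0.113.44(4120) -> 192.0.2.80(135), 1 packet
Aug  1 13:07:12 gw 1023: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 198.51.100.7(3012) -> 192.0.2.25(135), 14 packets
Aug  1 13:09:03 gw 1024: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 203.0.113.44(4121) -> 192.0.2.81(135), 1 packet
Aug  1 13:09:05 gw 1025: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 203.0.113.44(4122) -> 192.0.2.82(135), 1 packet
Aug  1 13:10:00 gw 1026: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.9(137) -> 192.0.2.25(137), 1 packet
"""

LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def summarize(log_text, acl="100", port=135):
    """Return (packets per (src, dst) pair, set of destinations per source)."""
    flows = Counter()
    fanout = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["acl"] != acl or m["action"] != "permitted":
            continue  # other ACLs, denies and unrelated syslog lines
        if int(m["dport"]) != port:
            continue
        flows[(m["src"], m["dst"])] += int(m["count"])
        fanout.setdefault(m["src"], set()).add(m["dst"])
    return flows, fanout

def classify(fanout, sweep_threshold=3):
    """Assumed heuristic: a source touching many internal hosts is a sweep, not a client."""
    return {src: ("sweep" if len(dsts) >= sweep_threshold else "candidate exception")
            for src, dsts in fanout.items()}

if __name__ == "__main__":
    flows, fanout = summarize(SAMPLE_LOG)
    for (src, dst), pkts in flows.most_common():
        print(f"{src:15} -> {dst:15} {pkts:5} packets")
    for src, verdict in classify(fanout).items():
        print(f"{src:15} {verdict}")
```

Repeated traffic from a few sources to one server is what an exception would have to cover; each such destination is a host to confirm as patched before the hole is opened.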