Firewall Wizards mailing list archives

Fw: WINS Replication Protocols


From: "Ahmed Ali" <ahmed () allied-chas com>
Date: Thu, 12 Mar 1998 17:01:32 -0500

many people have asked for details on NT/Exchange, so i
figured i'd send it to the group...

NetBIOS Session services: TCP 139
-takes care of file sharing, user manager, server manager, event viewer, and most other management applets in the Administrative Tools common group
-can be handled with plug-gw on Gauntlet or GSP on Raptor (or any similar generic TCP proxy)
-must NOT do any NAT or masquerading (otherwise, you'll get a whole bunch of denies on the FW)

NetBIOS Name and Datagram Services: UDP 137, 138 respectively
-name services are what translate the name of the computer to IP address...WINS client to server stuff uses this
-datagram services are needed for logins, trusts, pass-through validation and other admin type stuff
-must be handled with packet screen in Gauntlet or similar pass-through in other FWs
-also must NOT do any NAT

WINS Replication: TCP 42
-used for WINS servers to share name databases

Exchange stuff:
Exchange Client to server - you must do a registry hack on the Exchange server to get this to work
-uses RPC endpoint mapper: TCP 135, then negotiates two high ports, one for directory service and one for information store access
-add the following entries to registry

HIVE - HKEY_LOCAL_MACHINE
PATH - SYSTEM\CurrentControlSet\Services\MSExchangeDS\Parameters
VALUE - TCP/IP port
TYPE - DWORD
- make sure to set the RADIX to decimal before you type the port #

HIVE - HKEY_LOCAL_MACHINE
PATH - SYSTEM\CurrentControlSet\Services\MSExchangeIS\Parameters
VALUE - TCP/IP port
TYPE - DWORD
- make sure to set the RADIX to decimal before you type the port #

**note these two ports must be different

-plug-gw's or GSP's or whatever will take care of all three of these ports
-once again, you must NOT do NAT
-this will also take care of the Exchange Administrator application (unlike what the MS KB says)

Exchange Server to Server (in the same Exchange site):
-this uses TCP 135 and native NT RPCs
-once again, another registry edit that limits the range of ports available for NT RPCs must be done... not sure about that one exactly but i'll try to dig it up
-it can also be handled with a generic TCP proxy w/o NAT

Exchange Server to Server (in different Exchange sites):
-you can use SMTP connectors
-you can use X.400 connectors (TCP 102...can be handled with generic TCP proxy w/o NAT)
-if you are crazy, you can use Site connectors, which use native NT RPCs and can be handled as described above


***all of the above was verified on NT 4.0 SP3 and both MS Exchange 5.0 & 5.5

-ahmed
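Added example, not part of Ahmed's post or of any firewall product: a small Python check that a proposed rule set covers every service listed above with the handling the post calls for (generic TCP proxy or packet screen, never NAT), plus a REGEDIT4 fragment for the two static Exchange ports. The `Rule` model and the port numbers 1600/1601 are assumptions for illustration.

```python
"""Policy check for the NT/Exchange port list in the post above.
Port numbers passed in (e.g. 1600/1601) are constructed examples, not values from the post."""
from dataclasses import dataclass

DS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeDS\Parameters"
IS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\Parameters"

@dataclass(frozen=True)
class Rule:
    proto: str     # "tcp" or "udp"
    port: int
    handler: str   # "proxy" (plug-gw/GSP style), "screen" (packet screen) or "nat"

def required_services(ds_port, is_port):
    """Services from the post and how each must be passed. Raises if DS/IS ports collide."""
    if ds_port == is_port:
        raise ValueError("MSExchangeDS and MSExchangeIS TCP/IP ports must differ")
    return {
        ("tcp", 139): "proxy",      # NetBIOS session: generic TCP proxy, no NAT
        ("udp", 137): "screen",     # NetBIOS name: packet screen, no NAT
        ("udp", 138): "screen",     # NetBIOS datagram: packet screen, no NAT
        ("tcp", 42): "proxy",       # WINS replication
        ("tcp", 135): "proxy",      # RPC endpoint mapper
        ("tcp", ds_port): "proxy",  # Exchange directory service (static port from registry)
        ("tcp", is_port): "proxy",  # Exchange information store (static port from registry)
        ("tcp", 102): "proxy",      # X.400 connector between sites
    }

def check_policy(rules, ds_port, is_port):
    """Return findings; an empty list means the rule set matches the post's requirements."""
    findings = []
    have = {(r.proto, r.port): r.handler for r in rules}
    for (proto, port), want in required_services(ds_port, is_port).items():
        got = have.get((proto, port))
        if got is None:
            findings.append(f"{proto}/{port}: no rule")
        elif got == "nat":
            findings.append(f"{proto}/{port}: NAT applied; NT/Exchange traffic must not be translated")
        elif got != want:
            findings.append(f"{proto}/{port}: handled by {got}, expected {want}")
    return findings

def reg_fragment(ds_port, is_port):
    """REGEDIT4 text for the two static ports. A .reg file stores a dword in hex, which is
    why the post warns about the radix when typing the port number into regedit by hand."""
    if ds_port == is_port:
        raise ValueError("ports must differ")
    return (f"REGEDIT4\n\n[{DS_KEY}]\n\"TCP/IP port\"=dword:{ds_port:08x}\n\n"
            f"[{IS_KEY}]\n\"TCP/IP port\"=dword:{is_port:08x}\n")
```

Run `check_policy` against the rule set you intend to deploy; a finding mentioning NAT on any of these ports is the "whole bunch of denies" the post describes.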


-----Original Message-----
From: Burden, James <JBurden () caiso com>
To: 'Ahmed Ali' <ahmed () allied-chas com>
Date: Thursday, March 12, 1998 4:17 PM
Subject: RE: WINS Replication Protocols


Ahmed,

I am currently researching installing a firewall in between the NT servers and their clients.  Could you pass some of this information my way?  I would greatly appreciate it.

TIA,
Jim

James L. Burden
Security Engineer
California Independent System Operator
Email - jburden () caiso com
http://www.caiso.com

Disclaimer:  The above represents my personal opinions and not an official endorsement or position by the California ISO, my current employer.  I reserve the right to disavow them at my convenience.



-----Original Message-----
From: Ahmed Ali [SMTP:ahmed () allied-chas com]
Sent: Wednesday, March 11, 1998 5:01 AM
To: Oliver Wainwright; firewall-wizards () nfr net
Subject: Re: WINS Replication Protocols

WINS replication uses TCP 42...i have had to detail the ports for NT and Exchange recently, so if you need more, let me know.

-----Original Message-----
From: Oliver Wainwright <wainwrio () ing-americas com>
To: firewall-wizards () nfr net <firewall-wizards () nfr net>
Date: Tuesday, March 10, 1998 11:30 PM
Subject: WINS Replication Protocols


Gentlemen,

We are in the process of developing an intranet security profile which will consist of a template of applications/services which must be made available to our remote offices via our WAN. I have been unable to find any documentation regarding a port and protocol for Microsoft's WINS to WINS replication. WINS client name resolution is performed via UDP on port 137. I'm hoping WINS will run replication via TCP on port 137 as I prefer not to pass UDP traffic through our firewalls.

Any guidance and/or suggestions are greatly appreciated.

TIA
