Firewall Wizards mailing list archives

Re: Strange open ports on windows machines


From: Kevin Steves <stevesk () sweden hp com>
Date: Tue, 23 Nov 1999 19:06:21 +0100 (CET)

On Tue, 26 Oct 1999, David LeBlanc wrote:
: Putting a firewall in front of the machines (or a filtering router will
: generally do, depending) is ideal, but you do have a few more options than
: that.  There is a port filtering mechanism built in that has very limited
: functionality, but it is always there, and it will help - go into Control
: Panel, Network, Protocols, TCP/IP, Properties, Advanced, Security, and in
: there is a little dialog.  Set the TCP column to allow only certain ports,
: add the ports you want (e.g., 80), do the same for UDP.  The last one
: allows you to control protocols other than ICMP, UDP and TCP.  Also note
: that there is a registry toggle you can set (see regentry.hlp in resource
: kit) to turn off multicast if you like.
: 
: Next step up from there is to add RRAS, and use the filters in that, which
: are somewhat more versatile.

I tried to use the RRAS packet filtering mechanism recently and found it
extremely limited; some issues include:

o it doesn't seem to permit logging of even dropped packets
o no TCP ACK capability (a la Cisco "established")
o 0 is a wildcard for ICMP type and code (i.e., building a rule for
  echo-reply is impossible)

I did read the routemon command documentation, which has some errors
(states range of TCP and UDP ports is 0-255) so maybe some features
aren't covered clearly?
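To make the two filter semantics discussed in this thread concrete, here is a small added example (my own toy model, not RRAS code and not code from either poster). It evaluates a first-match rule list against constructed packets under two conventions: the RRAS-style one described above, where 0 in the ICMP type or code field means "any", and an explicit-wildcard convention where only an absent value matches anything. It also shows what a Cisco-style "established" (ACK-bit) rule does, and records every decision, including drops, in a log list. Packet and Rule are assumed data structures for the illustration; the packet values are constructed.

```python
"""Toy first-match packet filter contrasting two wildcard conventions.

Demonstrates (1) why treating 0 as a wildcard makes an ICMP echo-reply
(type 0) rule indistinguishable from "any ICMP", and (2) an "established"
rule that permits only TCP segments with the ACK flag set.
"""
from dataclasses import dataclass
from typing import List, Optional

ANY = None  # explicit wildcard, distinct from the legitimate value 0


@dataclass(frozen=True)
class Packet:
    """Constructed packet summary with only the fields the filter inspects."""
    proto: str            # "tcp", "udp" or "icmp"
    dst_port: int = 0     # TCP/UDP destination port
    ack: bool = False     # TCP ACK flag set (reply traffic of an existing session)
    icmp_type: int = 0    # ICMP type: 0 = echo-reply, 8 = echo-request
    icmp_code: int = 0


@dataclass(frozen=True)
class Rule:
    """Assumed rule shape: a value of ANY matches every packet for that field."""
    proto: str
    action: str                      # "permit" or "drop"
    dst_port: Optional[int] = ANY
    established: bool = False        # match only TCP segments carrying ACK
    icmp_type: Optional[int] = ANY
    icmp_code: Optional[int] = ANY


def _field_matches(rule_value, packet_value, zero_is_wildcard: bool) -> bool:
    """Compare one rule field with one packet field under the chosen convention."""
    if zero_is_wildcard:
        # RRAS-style semantics described in the thread: 0 also means "any",
        # so a rule written for type 0 (echo-reply) matches every type.
        return rule_value in (ANY, 0) or rule_value == packet_value
    return rule_value is ANY or rule_value == packet_value


def rule_matches(rule: Rule, pkt: Packet, zero_is_wildcard: bool = False) -> bool:
    """True if every field of `rule` matches `pkt`."""
    if rule.proto != pkt.proto:
        return False
    if pkt.proto == "icmp":
        return (_field_matches(rule.icmp_type, pkt.icmp_type, zero_is_wildcard)
                and _field_matches(rule.icmp_code, pkt.icmp_code, zero_is_wildcard))
    if not _field_matches(rule.dst_port, pkt.dst_port, zero_is_wildcard):
        return False
    if pkt.proto == "tcp" and rule.established and not pkt.ack:
        return False  # "established": only already-open sessions may pass
    return True


def evaluate(rules: List[Rule], pkt: Packet, zero_is_wildcard: bool = False,
             log: Optional[List[str]] = None) -> str:
    """First-match evaluation with an implicit final drop.

    Every decision, dropped packets included, is appended to `log` so that
    the policy can be audited; the thread notes RRAS offered no such logging.
    """
    for rule in rules:
        if rule_matches(rule, pkt, zero_is_wildcard):
            if log is not None:
                log.append(f"{rule.action} {pkt}")
            return rule.action
    if log is not None:
        log.append(f"drop(default) {pkt}")
    return "drop"


# Intended policy: allow inbound ICMP echo-reply only (type 0, code 0).
ECHO_REPLY_ONLY = [Rule("icmp", "permit", icmp_type=0, icmp_code=0)]

# Intended policy: inbound TCP to port 80, plus replies to outbound sessions.
WEB_PLUS_ESTABLISHED = [
    Rule("tcp", "permit", dst_port=80),
    Rule("tcp", "permit", established=True),
]


def demo() -> dict:
    """Run both conventions over constructed packets and return the verdicts."""
    reply, request = Packet("icmp", icmp_type=0), Packet("icmp", icmp_type=8)
    audit: List[str] = []
    return {
        # with 0 as wildcard the "echo-reply only" rule also admits echo-request
        "zero_is_wildcard": (evaluate(ECHO_REPLY_ONLY, reply, True, audit),
                             evaluate(ECHO_REPLY_ONLY, request, True, audit)),
        "explicit_wildcard": (evaluate(ECHO_REPLY_ONLY, reply, False, audit),
                              evaluate(ECHO_REPLY_ONLY, request, False, audit)),
        "established": (evaluate(WEB_PLUS_ESTABLISHED, Packet("tcp", 80), log=audit),
                        evaluate(WEB_PLUS_ESTABLISHED, Packet("tcp", 1025, ack=True), log=audit),
                        evaluate(WEB_PLUS_ESTABLISHED, Packet("tcp", 1025), log=audit)),
        "log": audit,
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The point of the model is the first pair of verdicts: under the 0-as-wildcard convention the echo-reply rule returns "permit" for an echo-request as well, so the policy the administrator wrote cannot be expressed; with an explicit wildcard the same rule drops the request. An "established" rule is only a crude substitute for session tracking, since it trusts the ACK bit the sender sets, which is why a stateful firewall in front of the hosts remains the stronger option.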


