Firewall Wizards mailing list archives
Re: Strange open ports on windows machines
From: Kevin Steves <stevesk () sweden hp com>
Date: Tue, 23 Nov 1999 19:06:21 +0100 (CET)
On Tue, 26 Oct 1999, David LeBlanc wrote:
: Putting a firewall in front of the machines (or a filtering router will
: generally do, depending) is ideal, but you do have a few more options than
: that. There is a port filtering mechanism built in that has very limited
: functionality, but it is always there, and it will help - go into Control
: Panel, Network, Protocols, TCP/IP, Properties, Advanced, Security, and in
: there is a little dialog. Set the TCP column to allow only certain ports,
: add the ports you want (e.g., 80), do the same for UDP. The last one
: allows you to control protocols other than ICMP, UDP and TCP. Also note
: that there is a registry toggle you can set (see regentry.hlp in resource
: kit) to turn off multicast if you like.
:
: Next step up from there is to add RRAS, and use the filters in that, which
: are somewhat more versatile.

I tried to use the RRAS packet filtering mechanism recently and found
it extremely limited; some issues include:

o it doesn't seem to permit logging of even dropped packets
o no TCP ACK capability (ala cisco established)
o 0 is a wildcard for ICMP type and code (i.e., building a rule for
  echo-reply is impossible)

I did read the routemon command documentation, which has some errors
(states range of TCP and UDP ports is 0-255) so maybe some features
aren't covered clearly?
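The ICMP limitation in the list above, modelled as an added example that is not part of the original post and is not RRAS code: when 0 is the wildcard value, a rule written for echo-reply (type 0, code 0) matches every ICMP packet. The rule classes, function names and sample packets are constructed for illustration.

```python
# Added illustration: a model of the matching semantics the post describes.
# Not RRAS code; class names and sample packets are constructed.
from typing import NamedTuple, Optional

ECHO_REPLY, DEST_UNREACH, REDIRECT, ECHO_REQUEST = 0, 3, 5, 8  # RFC 792 types


class IcmpPacket(NamedTuple):
    icmp_type: int
    icmp_code: int


class ZeroWildcardRule(NamedTuple):
    """Rule format in which a field value of 0 means 'match anything'."""
    icmp_type: int
    icmp_code: int

    def matches(self, pkt: IcmpPacket) -> bool:
        return (self.icmp_type in (0, pkt.icmp_type)
                and self.icmp_code in (0, pkt.icmp_code))


class ExplicitWildcardRule(NamedTuple):
    """Rule format with a separate wildcard marker (None), so 0 stays literal."""
    icmp_type: Optional[int]
    icmp_code: Optional[int]

    def matches(self, pkt: IcmpPacket) -> bool:
        return ((self.icmp_type is None or self.icmp_type == pkt.icmp_type)
                and (self.icmp_code is None or self.icmp_code == pkt.icmp_code))


# Constructed sample traffic: echo-reply, echo-request, redirect, port unreachable.
SAMPLE = [
    IcmpPacket(ECHO_REPLY, 0),
    IcmpPacket(ECHO_REQUEST, 0),
    IcmpPacket(REDIRECT, 1),
    IcmpPacket(DEST_UNREACH, 3),
]


def matched(rule, packets=SAMPLE):
    """Return the packets a single rule would match."""
    return [p for p in packets if rule.matches(p)]


if __name__ == "__main__":
    # Intended as "echo-reply only" in both formats.
    print("0 as wildcard :", matched(ZeroWildcardRule(ECHO_REPLY, 0)))
    print("explicit None :", matched(ExplicitWildcardRule(ECHO_REPLY, 0)))
```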