Normal open ports on windows machines

[Alan Ramsbottom <ACR () als co uk>]

There's been an update to ipFilters.xls (Excel spreadsheet) on the MS ftp
site. It contains a fairly useful list of ports used by Windows NT, MS and a
couple of other folk's applications. Look in their Internet Services Network
directory:

  ftp://ftp.microsoft.com/services/isn/ossbss/security/

A friendly version of the same would make a welcome addition to the MS
security site..

..as would things like the (alleged) premier support customers only Knowlege
Base article Q154596: Limiting the RPC ports used by DMZ NT Systems through
a firewall. Holding back such obviously useful security articles does seem
to undermine MS claims of concern for their customer's security. 

I'm not rich enough to know if the solution is documented in the above
article, so has anyone suceeded in forcing NT RPC services to use a fixed
range of ports via the relevant RPC registry settings? I tried that once on
an IIS box, in an attempt to ensure any open RPC ports were guaranteed to
fall within a filtered range. Iirc, it partly worked but some other bad
things happened.

-Alan-