Firewall Wizards mailing list archives

Ingress/Egress Filtering for MS-Win Boxen/Networks


From: jseymour () LinxNet com (Jim Seymour)
Date: Sat, 22 Nov 2003 11:28:46 -0500 (EST)

Hi Wizards,

Being as I run proxy firewalls at work and tightly control the LAN at
home, I haven't had to worry much about this--until now.  As it
happens: I stumbled into a small consulting gig that involves setting
up an Internet connection for a small business that's using all MS-Win
boxes.

Amongst other things: I would like to put packet filtering into their
NAT router as one security measure.  The problem is: Google'ing on the
subject, and compiling the results, leaves many questions.  Here's what
I have so far:

Port Blocking: Ingress

    Port    Proto     Dir   Explanation

    135       ?       dst   NetBIOS
    136       ?        ?       ?
    137      TCP      src   NetBIOS
    137      UDP      src   NetBIOS
    137      UDP      dst   NetBIOS
    138      UDP      dst   NetBIOS
    139      TCP      dst   NetBIOS
    443       ?        ?    CIFS?
    445      TCP      dst   MS-DS
    1433     TCP       ?    MS-SQL
    1434     UDP       ?    MS-SQL
    1900     UDP       ?    MS-DS/UPnP
    3389      ?        ?    Terminal Services
    5000      ?        ?    XP Universal PnP
    27374    TCP       ?    SubSeven

Port Blocking: Egress

    Port    Proto     Dir   Explanation

    135       ?        ?    NetBIOS
    136       ?        ?       ?
    137      UDP      src   NetBIOS
    137      TCP      dst   NetBIOS
    137      UDP      dst   NetBIOS
    138      UDP      src   NetBIOS
    138      TCP      dst   NetBIOS
    138      UDP      dst   NetBIOS
    139      UDP      src   NetBIOS
    139      TCP      dst   NetBIOS
    139      UDP      dst   NetBIOS
    445      TCP      dst   MS-DS
    1900     UDP       ?    MS-DS/UPnP
    27374    TCP       ?    SubSeven


The "?"s indicate that I don't know the answer.

The other question is: Some of these ports appear to need blocking on
both source *and* destination port, UDP *and* TCP.  (E.g.: Port 137.)
Or not?  I question some of the information sources.  For performance
reasons, I'd prefer not to add unnecessary filters.

(Yes, I'm aware that, the router being a NAT router, maybe the ingress
filters aren't strictly necessary.  I like to play it safe, tho.)

ISTM it would be Really Handy if somewhere there was a single,
consolidated list like the above.

Thanks,
Jim
-- 
Jim Seymour                  | PGP Public Key available at:
jseymour () LinxNet com         | http://www.uk.pgp.net/pgpnet/pks-commands.html
http://jimsun.LinxNet.com    |
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
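An added example, not part of Jim's post or any reply on the list: a small POSIX shell script that generates the iptables rules for a Linux NAT router from a consolidated version of the table above. The port assignments it encodes are the standard ones (135 TCP/UDP is the MS-RPC endpoint mapper, 137 UDP NetBIOS name service, 138 UDP NetBIOS datagram, 139 TCP NetBIOS session, 445 TCP SMB/"MS-DS", 1433 TCP MS-SQL, 1434 UDP the SQL Server resolution service, 1900 UDP SSDP/UPnP discovery, 5000 TCP the XP UPnP host, 3389 TCP Terminal Services, 27374 TCP the SubSeven default). Two rows from the original table are deliberately left out: 136 is an old IANA "profile" assignment, not a Windows service, and 443 is HTTPS, not CIFS. On the source-vs-destination question: with a stateful filter (the ESTABLISHED,RELATED rule at the top) you only need to match the destination port of the packet that opens the exchange, because replies are admitted by connection state; the source-port variants only earn their keep on a stateless filter, where the reply to a blocked service would otherwise come back with that service's port as its source. The script emits those extra rules only when asked. Interface names, chain layout and the script's function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example: emit iptables rules that drop Windows file-sharing, RPC,
# SQL, UPnP, Terminal Services and SubSeven traffic through a NAT router.
# The router interfaces and the FORWARD-chain layout are assumptions.
WAN=eth0

# Consolidated block list as "proto:port". Port meanings are the
# well-known assignments (see lead-in); 136 and 443 are intentionally absent.
BLOCKED_PORTS="tcp:135 udp:135 udp:137 udp:138 tcp:139 tcp:445 \
tcp:1433 udp:1434 udp:1900 tcp:3389 tcp:5000 tcp:27374"

# base_rules: the stateful preamble. Anything that is a reply to an
# already-permitted exchange is accepted here, so the DROP rules below
# only ever see the first packet of a new exchange.
base_rules() {
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# gen_rules DIRECTION [stateless]
#   ingress  -> packets arriving on the WAN side (-i $WAN)
#   egress   -> packets leaving toward the WAN side (-o $WAN)
# Prints one --dport DROP per entry. With "stateless" as the second
# argument it also prints a matching --sport DROP for each entry, which
# is what a filter without connection tracking needs to stop replies.
gen_rules() {
    dir=$1
    mode=${2:-stateful}
    case "$dir" in
        ingress) iface="-i $WAN" ;;
        egress)  iface="-o $WAN" ;;
        *) echo "usage: gen_rules ingress|egress [stateless]" >&2; return 1 ;;
    esac
    for entry in $BLOCKED_PORTS; do
        proto=${entry%%:*}
        port=${entry##*:}
        echo "iptables -A FORWARD $iface -p $proto --dport $port -j DROP"
        if [ "$mode" = "stateless" ]; then
            echo "iptables -A FORWARD $iface -p $proto --sport $port -j DROP"
        fi
    done
}

# count_rules DIRECTION [stateless]: number of DROP rules gen_rules emits.
count_rules() {
    gen_rules "$1" "${2:-}" | wc -l | tr -d ' '
}

# Run directly as "sh block.sh ingress" or "sh block.sh egress stateless"
# to print a complete rule set; with no arguments it only defines functions.
if [ $# -gt 0 ]; then
    base_rules
    gen_rules "$@"
fi
```

Apply the output in order (preamble first) on the router; the egress set is the one that actually protects the rest of the Internet from the client boxes, the ingress set is belt-and-braces behind NAT, exactly as the post suspects. Any filter that does offer connection tracking should run in stateful mode; the stateless variant doubles the rule count for no gain there.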

