These are the ports open on my DC, maybe this can help?
PORT STATE SERVICE
25/tcp open smtp
53/tcp open domain
80/tcp open http
88/tcp open kerberos-sec
110/tcp open pop3
135/tcp open msrpc
139/tcp open netbios-ssn
143/tcp open imap
389/tcp open ldap
443/tcp open https
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
691/tcp open resvc
993/tcp open imaps
995/tcp open pop3s
1026/tcp open LSA-or-nterm
1029/tcp open ms-lsa
1076/tcp open sns_credit
1084/tcp open ansoft-lm-2
1109/tcp open kpop
3052/tcp open PowerChute
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3372/tcp open msdtc
6101/tcp open VeritasBackupExec
38292/tcp open landesk-cba
Sincerely,
Mike Fetherston
PS> Yes, I know.. mail and web on a DC.. bad bad pooh pooh.. budget
constraints dictated this...
> -----Original Message-----
> From: Ju Ne [mailto:ddjjembe1_at_hotmail.com]
> Sent: Tuesday, March 01, 2005 11:16 AM
> To: security-basics_at_securityfocus.com
> Subject: Open ports to establish a one-way trust
>
> We have a domain in our WAN that needs an Active Directory
> one-way trust established with our domain. The change has been made
in
> Active Directory but we have been unable to test this new trust? What
> ports
> need to be opened at the firewall to allow this trust from a firewall
> perspective? Are any of the ports listed below required for this
trust?
>
> TCP 135 - Microsoft RPC
> UDP 137 - Netbios-ns
> UDP 138 - Netbios-dgm
> TCP 139 - Netbios
> TCP 42 - WINS, Nameserv
> TCP/UDP 389- LDAP
> TCP 636 - SLDAP
> TCP 3268 - MSFT-GC
> TCP 3269 -MSFT-GC-SSL
> TCP/UDP 53 -DNS
> TCP/UDP 88 - Kerberos, www
> TCP 445 - SMB
>
> Thanks,
>
> Djembe
>
> _________________________________________________________________
> FREE pop-up blocking with the new MSN Toolbar - get it now!
> http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
Received on Mar 02 2005
Intro
