There is a great program for mapping all your open ports to Windows
processes:
http://www.sysinternals.com/files/tcpview.zip
This program is by noted Windows Expert Mark Russinovich. You don't even
have to install it. You just run the program and it maps all your TCP/UDP
endpoints to processes in real time. It's freeware and works great.
FYI,
<> Jim
-----Original Message-----
You know, I think this is more difficult than for border routers. The sheer
number of ports and aps/subsystems trying to use a given port on a Win2k box
(say, for example, an Exchange Server) is really hard for me to keep track
of. I invested a moderate amount of time researching to figure out what the
various ports were for, etc. and came nowhere close to getting to the bottom
of it, or feeling like I had it under control.
Lot of work. I've done it, and it seems like regularly some component pops
out of the woodwork and wants to talk to something on a port I don't
recognize. And then, as Steve mentions, you have a self-DOS for as long as
it takes for you to ammend the (growing) ruleset.
For me, implementing this on anything but a few internet-facing machines
ONLY is infeasible. Does anyone do Windows host-based firewalling on the
internal LAN or on a larger scale?
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 05 2003
Intro
