Firewall Wizards
mailing list archives
Ingress/Egress Filtering for MS-Win Boxen/Networks
From: jseymour () LinxNet com (Jim Seymour)
Date: Sat, 22 Nov 2003 11:28:46 -0500 (EST)

Hi Wizards,

Being as I run proxy firewalls at work and tightly control the LAN at
home, I haven't had to much worry about this--until now. As it
happens: I stumbled into a small consulting gig that involves setting
up an Internet connection for a small business that's using all MS-Win
boxes.

Amongst other things: I would like to put packet filtering into their
NAT router as one security measure. The problem is: Google'ing on the
subject, and compiling the results, leaves many questions. Here's what
I have so far:

Port Blocking: Ingress

    Port   Proto  Dir  Explanation
    135    ?      dst  NetBIOS
    136    ?      ?    ?
    137    TCP    src  NetBIOS
    137    UDP    src  NetBIOS
    137    UDP    dst  NetBIOS
    138    UDP    dst  NetBIOS
    139    TCP    dst  NetBIOS
    443    ?      ?    CIFS?
    445    TCP    dst  MS-DS
    1433   TCP    ?    MS-SQL
    1434   UDP    ?    MS-SQL
    1900   UDP    ?    MS-DS/UPnP
    3389   ?      ?    Terminal Services
    5000   ?      ?    XP Universal PnP
    27374  TCP    ?    SubSeven

Port Blocking: Egress

    Port   Proto  Dir  Explanation
    135    ?      ?    NetBIOS
    136    ?      ?    ?
    137    UDP    src  NetBIOS
    137    TCP    dst  NetBIOS
    137    UDP    dst  NetBIOS
    138    UDP    src  NetBIOS
    138    TCP    dst  NetBIOS
    138    UDP    dst  NetBIOS
    139    UDP    src  NetBIOS
    139    TCP    dst  NetBIOS
    139    UDP    dst  NetBIOS
    445    TCP    dst  MS-DS
    1900   UDP    ?    MS-DS/UPnP
    27374  TCP    ?    SubSeven

The "?"s indicate that I don't know the answer.

The other question is: Some of these ports appear to need blocking on
both source *and* destination port, UDP *and* TCP. (E.g.: Port 137.)
Or not? I question some of the information sources. For performance
reasons, I'd prefer not to add unnecessary filters.

(Yes, I'm aware that, the router being a NAT router, maybe the ingress
filters aren't strictly necessary. I like to play it safe, tho.)

ISTM it would be Really Handy if somewhere there was a single,
consolidated list like the above.

Thanks,
Jim
--
Jim Seymour | PGP Public Key available at:
jseymour () LinxNet com | http://www.uk.pgp.net/pgpnet/pks-commands.html
http://jimsun.LinxNet.com |
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
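
Added example, not part of the original post: one way to count how many filters the egress list in the message actually requires. Unknown "?" fields are expanded conservatively to both protocols or both directions (an assumption, not an answer to the question asked), and adjacent ports are merged into ranges. It assumes the router accepts port ranges in a filter; the printed rule text is illustrative, not any router's syntax.

```python
from collections import defaultdict

# Egress rows copied from the post: (port, proto, direction); "?" = unknown.
EGRESS = [
    (135, "?", "?"), (136, "?", "?"),
    (137, "UDP", "src"), (137, "TCP", "dst"), (137, "UDP", "dst"),
    (138, "UDP", "src"), (138, "TCP", "dst"), (138, "UDP", "dst"),
    (139, "UDP", "src"), (139, "TCP", "dst"), (139, "UDP", "dst"),
    (445, "TCP", "dst"), (1900, "UDP", "?"), (27374, "TCP", "?"),
]

def expand(rows):
    """Assumption: treat '?' proto as TCP+UDP and '?' direction as src+dst."""
    out = set()
    for port, proto, direction in rows:
        protos = ("TCP", "UDP") if proto == "?" else (proto,)
        dirs = ("src", "dst") if direction == "?" else (direction,)
        for p in protos:
            for d in dirs:
                out.add((p, d, port))
    return out

def consolidate(rows):
    """Collapse per-port rows into contiguous port ranges per (proto, dir)."""
    by_key = defaultdict(list)
    for proto, direction, port in expand(rows):
        by_key[(proto, direction)].append(port)
    rules = []
    for (proto, direction), ports in sorted(by_key.items()):
        ports.sort()
        start = prev = ports[0]
        for port in ports[1:]:
            if port != prev + 1:  # gap: close the current range
                rules.append((proto, direction, start, prev))
                start = port
            prev = port
        rules.append((proto, direction, start, prev))
    return rules

if __name__ == "__main__":
    # Illustrative output only, not a real router's filter syntax.
    for proto, direction, lo, hi in consolidate(EGRESS):
        span = str(lo) if lo == hi else f"{lo}-{hi}"
        print(f"deny {proto:3} {direction}-port {span}")
```

With the rows as posted, 22 expanded port/protocol/direction combinations collapse into 9 range filters.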