RE: Open ports to establish a one-way trust

["dave kleiman" <dave () isecureu com>]

Ju,

Here are the ones I know you need if applicable.  The MSFT site has a few
references on this.

42/TCP WINS Replication
53/TCP/UDP DNS
88/TCP/UDP Kerberos
135/TCP RPC
137/UDP NetBIOS Name
138/UDP NetBIOS Netlogon and Browsing
139/TCP NetBIOS Session
389/TCP/UDP LDAP
445/TCP SMB
636/TCP LDAP SSL
3268/TCP LDAP GC
3269/TCP LDAP GC SSL

Regards,
___________________________________________________
Dave Kleiman, CIFI, CISM, CISSP, ISSAP, ISSMP, MCSE

www.SecurityBreachResponse.com
www.ComputerForensicInvestigations.com

-----Original Message-----
From: Ju Ne [mailto:ddjjembe1 () hotmail com]
Sent: Tuesday, March 01, 2005 11:16
To: security-basics () securityfocus com
Subject: Open ports to establish a one-way trust

We have a domain in our WAN that needs an Active Directory one-way trust
established with our domain.  The change has been made in Active Directory
but we have been unable to test this new trust?  What ports need to be
opened at the firewall to allow this trust from a firewall perspective?  Are
any of the ports listed below required for this trust?

TCP 135  – Microsoft RPC
UDP 137 – Netbios-ns
UDP 138 – Netbios-dgm
TCP 139 – Netbios
TCP 42  - WINS, Nameserv
TCP/UDP 389- LDAP
TCP 636 - SLDAP
TCP 3268 - MSFT-GC
TCP 3269 -MSFT-GC-SSL
TCP/UDP 53 -DNS
TCP/UDP 88 - Kerberos, www
TCP 445 - SMB

Thanks,

Djembe

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/