General Discussion | Dumbass Network Contractor

Author	Message	Time
Thing	I am taking over the maintenance of a small network of 20 workstations and one server. One of the first things I did was scan the server, which is connected directly to the Internet. Here is the result of that scan: [code]53/tcp open domain 88/tcp open kerberos-sec 111/tcp open sunrpc 135/tcp filtered loc-srv 136/tcp filtered profile 137/tcp filtered netbios-ns 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn 389/tcp open ldap 445/tcp filtered microsoft-ds 464/tcp open kpasswd5 593/tcp open http-rpc-epmap 636/tcp open ldapssl 1026/tcp open LSA-or-nterm 1029/tcp open ms-lsa 1103/tcp open xaudio 1401/tcp open goldleaf-licman 3268/tcp open globalcatLDAP 3269/tcp open globalcatLDAPssl 3372/tcp open msdtc 3389/tcp open ms-term-serv 5800/tcp open vnc-http 5900/tcp open vnc Nmap run completed -- 1 IP address (1 host up) scanned in 10 seconds[/code] I shouldn't need to tell you that I'm going there today and put it behind a firewall, but I will anyway. I know what some of this stuff is but I am clueless as to what some of it is and how to turn it off. Your input is appreciated. Don't bust my balls about not knowing much about Winders security. /edit/The only things that needs to be running are Term Server and VNC.	May 23, 2003, 2:02 PM
CupHead	Oh goodness, and that's a windows machine. I suggest going through the list of Services (Control Panel -> Administrative Tools -> Computer Management -> Click on the Services Tree Node) and finding the corresponding services to each of those open ports. I suspect the majority will be named similarly to the port description and that the rest will be easily identified by other people who read the thread.	May 23, 2003, 2:15 PM
Yoni	Sysinternals makes a tool called TCPView. It can help you associate an open port (or a connection) with a process (something that Windows' netstat lacks). Process Explorer might come in handy as well.	May 23, 2003, 2:59 PM
Raven	Don't forget EtherPeek! Ofcourse, you'll need to download a happy version of Ether Peek, even though for your purposes, the trial version should work decently also.	May 23, 2003, 9:24 PM
Thing	Ehh I didn't get to mess with it today. I was too busy fixing the screwed up printing setup. Maybe next week.	May 24, 2003, 3:05 AM

Author

Message

Time

Thing

I am taking over the maintenance of a small network of 20 workstations and one server. One of the first things I did was scan the server, which is connected directly to the Internet. Here is the result of that scan:

[code]53/tcp open domain
88/tcp open kerberos-sec
111/tcp open sunrpc
135/tcp filtered loc-srv
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
389/tcp open ldap
445/tcp filtered microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
1026/tcp open LSA-or-nterm
1029/tcp open ms-lsa
1103/tcp open xaudio
1401/tcp open goldleaf-licman
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3372/tcp open msdtc
3389/tcp open ms-term-serv
5800/tcp open vnc-http
5900/tcp open vnc
Nmap run completed -- 1 IP address (1 host up) scanned in 10 seconds[/code]
I shouldn't need to tell you that I'm going there today and put it behind a firewall, but I will anyway. I know what some of this stuff is but I am clueless as to what some of it is and how to turn it off.

Your input is appreciated. Don't bust my balls about not knowing much about Winders security.

/edit/The only things that needs to be running are Term Server and VNC.

May 23, 2003, 2:02 PM

CupHead

Oh goodness, and that's a windows machine. I suggest going through the list of Services (Control Panel -> Administrative Tools -> Computer Management -> Click on the Services Tree Node) and finding the corresponding services to each of those open ports. I suspect the majority will be named similarly to the port description and that the rest will be easily identified by other people who read the thread.

May 23, 2003, 2:15 PM

Yoni

Sysinternals makes a tool called TCPView. It can help you associate an open port (or a connection) with a process (something that Windows' netstat lacks).

Process Explorer might come in handy as well.

May 23, 2003, 2:59 PM

Raven

Don't forget EtherPeek! Ofcourse, you'll need to download a happy version of Ether Peek, even though for your purposes, the trial version should work decently also.

May 23, 2003, 9:24 PM

Thing

Ehh I didn't get to mess with it today. I was too busy fixing the screwed up printing setup. Maybe next week.

May 24, 2003, 3:05 AM

Valhalla Legends Forums Archive | General Discussion | Dumbass Network Contractor