RE: Block access to ports

  • From: "Mike Liddekee" <mliddekee@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 27 Aug 2003 09:38:01 -0500

That's correct.  135 is a critical port that is used by Windows and
numerous applications.  It's something you should never have open to the
Internet.  There are numerous ways to make Outlook available to users
over the Internet without opening ports.  However, there is no way to
block this port internally on your network.  You could certainly lock
down servers using TCP/IP filtering on each individual machine, but
that's time-consuming and it's one of those things that is a mixed bag.
You could block everything except the essentials, but if you try to
rely on that alone and never do any more work, next week a hacker will
find a vulnerability in one of those essentials that you left open and
shut you down.  Any company that's on the Internet today and doesn't
have a properly configured firewall is just asking for trouble.  But in
the same sense, you can't rely on a firewall alone.  You have to have a
multi-tier security setup in place in order to maximize your level of
protection.  It costs money, but you need to weigh the costs of your
operations being down for hours or even days when someone sends you the
next nasty virus that you could have been protected from.  Hindsight is
always 20-20.

 

 

Regards,

Mike Liddekee

Network Engineer

 

Humco Holding Group, Inc.

7400 Alumax Dr. 

Texarkana, TX  75501

Ph:  (903) 831-7808 ext 697

 

-----Original Message-----
From: Lloyd Williams [mailto:Williams@xxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, August 27, 2003 9:31 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Block access to ports

 

http://www.MSExchange.org/

I might not have a good understanding of how to handle ports, but is it
a fundamental problem that port 135 is one of the most vulnerable ports,
but it is also the port that Exchange uses to communicate with Outlook.
So if you close down access to this port you are limiting yourself to
using Exchange just for POP, IMAP and Web Access.

Lloyd Williams

 

-----Original Message-----
From: Mike Liddekee [mailto:mliddekee@xxxxxxxxx] 
Sent: Wednesday, August 27, 2003 9:52 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Block access to ports

 


It all depends on your setup.  If you're trying to block at the firewall
level, you need to determine what type of firewall you're using and its
setup.  Most firewalls (unless misconfigured) should be set up to not
allow any traffic in unless specifically allowed.  If you're running a
router w/ NAT and no "real" firewall, then that's where most people get
burned.  If anyone tells you NAT is a firewall, run the other direction
as fast as you can.  The other way people I know have gotten burned on
the latest bug is that their outer perimeter is great but someone w/ a
laptop goes home, dials up, gets infected, goes back to work and plugs
in.  These types of back doors will kill you every time.  You can block
these ports for this one but the next virus that comes out will require
different ports, the next one will then require different ones, and so
on.  It'll be a never-ending game of cat and mouse.  The thing to do is
to make sure things are locked down on your network to prevent these
types of events and that all the proper systems are in place.  You still
can't guarantee yourself 100% (nothing in IT is 100%) but if you don't
have the systems in place you'll be fighting for days every time a new
event comes out.  When I arrived at my current job we had none of these
in place.  After months of fighting, we now have these things in place
and have had no viruses or Trojans of any type (knock on wood).

 

 

Regards,

Mike Liddekee

Network Engineer

 

Humco Holding Group, Inc.

7400 Alumax Dr. 

Texarkana, TX  75501

Ph:  (903) 831-7808 ext 697

 

-----Original Message-----
From: satish garimalla [mailto:satishgarimalla@xxxxxxxxxxx] 
Sent: Wednesday, August 27, 2003 8:33 AM
To: [ExchangeList]
Subject: [exchangelist] Block access to ports

 


Hi All,

I know this is a bit off the topic. But we are having problems
with the recent virus attacks. We are in the process of eliminating this.

As recommended by the Symantec web site, I am supposed to block access to TCP
port 4444 at the firewall level and also block TCP port 135, "DCOM RPC",
and UDP port 69, "TFTP".

Can anybody explain to me how to do this, as I am not so familiar with
this? All I want to know is how to block these ports (from the command
prompt?? or from Windows itself??). Either may be the case; could you
please explain to me the steps in doing so ...

Thanking you very much ,

Satish Garimalla
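
Added example, not part of the original thread: a small first-match filter model that contrasts blocking only the three ports named in the question with the "deny unless specifically allowed" setup described in the reply. The rule sets, the allowed services (TCP 25 and 443) and the probe list, including TCP 445 standing in for "the next" port, are constructed assumptions.

```python
# Added example: first-match inbound filter model.
# All rules and probes below are constructed for illustration; this is not a real firewall config.
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    proto: Optional[str]   # "tcp", "udp", or None for any protocol
    port: Optional[int]    # destination port, or None for any port


def decide(rules, default, proto, port):
    """Return the action for an inbound packet: the first matching rule wins."""
    for r in rules:
        if r.proto in (None, proto) and r.port in (None, port):
            return r.action
    return default  # nothing matched: the default policy decides


# Policy A: allow by default, deny only the ports named in the question.
BLOCKLIST = ([Rule("deny", "tcp", 135),
              Rule("deny", "tcp", 4444),
              Rule("deny", "udp", 69)], "allow")

# Policy B: deny by default, allow only published services (assumed: SMTP and HTTPS).
ALLOWLIST = ([Rule("allow", "tcp", 25),
              Rule("allow", "tcp", 443)], "deny")

# Constructed probes: the three named ports, a port no rule mentions (tcp/445),
# the same port number on the other protocol (udp/135), and a published service.
PROBES = [("tcp", 135), ("tcp", 4444), ("udp", 69),
          ("tcp", 445), ("udp", 135), ("tcp", 25)]


def exposed(policy, probes):
    """List the probes that the policy would let in from outside."""
    rules, default = policy
    return [(proto, port) for proto, port in probes
            if decide(rules, default, proto, port) == "allow"]


if __name__ == "__main__":
    print("blocklist lets in:", exposed(BLOCKLIST, PROBES))
    print("allowlist lets in:", exposed(ALLOWLIST, PROBES))
```

Under the blocklist, anything the rules did not anticipate falls through to "allow"; under default deny, only the published services are reachable and a new port needs no new rule.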




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
mliddekee@xxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub') 
