Web Server forum
    which ports & protocols are necessary?  
Yef
03-13-05 10:46 PM

Hi all,

Having noticed that Windows allows me to block ports
that I don't want in use, via the TCP filtering feature
in Network settings -> TCP -> properties -> advanced,
I now desire to block those ports and protocols which
I don't need. The question is which ones.

I use ftp, http, https, pop3, smtp, and dhcp. I periodically
also use the Real player.

Using the handy dandy Dave's port list, it seems that I need
the following (TCP) ports.

It's not clear to me when UDP is used by these services.

ftp : 20,21
http : 80
https : 443
pop3 : 110
smtp : 25

I'm not so sure about these:

dhcp : ???
real player : ???

Assuming that I can get a complete list, will this work?

Also, do I need to enable NetBIOS?

Thanks.

    Re: which ports & protocols are necessary?  
Jose Maria Lopez Hernandez
03-13-05 10:46 PM

Yef wrote:
> Hi all,
>
> Having noticed that Windows allows me to block ports
> that I don't want in use, via the TCP filtering feature
> in Network settings -> TCP -> properties -> advanced,
> I now desire to block those ports and protocols which
> I don't need. The question is which ones.
>
> I use ftp, http, https, pop3, smtp, and dhcp. I periodically
> also use the Real player.
>
> Using the handy dandy Dave's port list, it seems that I need
> the following (TCP) ports.
>
> It's not clear to me when UDP is used by these services.
>
> ftp : 20,21
> http : 80
> https : 443
> pop3 : 110
> smtp : 25

None of them use UDP, but don't forget the DNS service,
that uses 53/udp and 53/tcp (this one only for zone transfers).

> I'm not so sure about these:
>
> dhcp : ???
67/udp 68/udp

> real player : ???

I think it's 7070/tcp 554/tcp 1090/tcp, but I have not tested it well.

> Assuming that I can get a complete list, will this work?

It should work.

> Also, do I need to enable NetBIOS?

Never let NetBIOS go in or out between your machine and the Internet. It's
a big security problem if you do so. You have to stop it at the
firewall.

> Thanks.
>

Regards.

--

Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"

    Re: which ports & protocols are necessary?  
Walter Roberson
03-13-05 10:46 PM

In article <39jcfjF5vtulmU2@individual.net>,
Jose Maria Lopez Hernandez  <jkerouac@bgsec.com> wrote:
:None of them use UDP, but don't forget the DNS service,
:that uses 53/udp and 53/tcp (this one only for zone transfers).

In theory, DNS is allowed to use TCP 53 at any time, even just for
queries. Common practice is that for queries it starts with UDP 53 and
only switches to TCP 53 for queries if the response had the "result was
truncated" flag set.

DNS uses TCP 53 for zone transfers not because going TCP is special but
because zone transfers are expected to require more than 512 bytes of
data being returned -- thus if you are running a DNS server and you do
not disallow random sites from attempting DNS transfers [thinking you
are safe because you block TCP 53] then someone can start a zone
transfer on UDP 53 and get back the first 1/2 KB worth.

I think I have also seen TCP 53 used internally for requests to
update the name or IP mapping (Microsoft Windows XP systems request
this by default even for systems with static IPs), but I would not
swear to it.
--
Entropy is the logarithm of probability   -- Boltzmann
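The UDP-first, TCP-on-truncation behaviour Walter describes, as an added example that is not code from this thread: a minimal Python resolver that builds a query, decodes the 12-byte DNS header, and re-asks over TCP 53 (with the 2-byte length prefix TCP DNS uses) only when the reply's TC flag is set. It also discards replies whose transaction id does not match, so a stray or spoofed datagram cannot be taken as the answer. The `constructed_response` helper fabricates a sample reply for offline checking; the server address and name passed to `resolve_raw` are assumptions.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query: header with RD set, one IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the 12-byte DNS header; 'tc' is the truncation flag (bit 9)."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "counts": (qd, an, ns, ar)}

def needs_tcp_retry(udp_response, expected_id):
    """True when the UDP answer was truncated and must be re-asked over TCP 53."""
    h = parse_header(udp_response)
    if h["id"] != expected_id:
        raise ValueError("transaction id mismatch; discard this datagram")
    return h["qr"] and h["tc"]

def constructed_response(txid=0x1234, truncated=False):
    """Constructed sample reply (not captured traffic): QR, RD, RA set, no records."""
    flags = 0x8180 | (0x0200 if truncated else 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + question

def resolve_raw(name, server, timeout=2.0):
    """UDP 53 first (512-byte classic limit); switch to TCP 53 only if TC is set."""
    txid = 0x1234
    query = build_query(name, txid=txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        u.sendto(query, (server, 53))
        reply, _ = u.recvfrom(512)
    if not needs_tcp_retry(reply, txid):
        return reply
    with socket.create_connection((server, 53), timeout=timeout) as t:
        t.sendall(struct.pack("!H", len(query)) + query)  # TCP DNS: 2-byte length prefix
        length = struct.unpack("!H", t.recv(2))[0]
        data = b""
        while len(data) < length:
            chunk = t.recv(length - len(data))
            if not chunk:
                raise ConnectionError("TCP stream closed before full message")
            data += chunk
    return data
```

Blocking TCP 53 at a firewall therefore does not stop the UDP half of this exchange, which is the point Walter makes about zone-transfer attempts.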
    Re: which ports & protocols are necessary?  
Jose Maria Lopez Hernandez
03-13-05 10:46 PM

Walter Roberson wrote:
> In theory, DNS is allowed to use TCP 53 at any time, even just for
> queries. Common practice is that for queries it starts with UDP 53 and
> only switches to TCP 53 for queries if the response had the "result was
> truncated" flag set.
>
> DNS uses TCP 53 for zone transfers not because going TCP is special but
> because zone transfers are expected to require more than 512 bytes of
> data being returned -- thus if you are running a DNS server and you do
> not disallow random sites from attempting DNS transfers [thinking you
> are safe because you block TCP 53] then someone can start a zone
> transfer on UDP 53 and get back the first 1/2 KB worth.

This is very interesting; I've always thought that TCP was only
used for zone transfers.

Regards.

--

Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"

    Re: which ports & protocols are necessary?  
Gerald Vogt
03-13-05 10:46 PM

Jose Maria Lopez Hernandez wrote: 
>
> Never let NetBIOS go in or out your machine and the Internet. It's
> a big security problem if you do so. You have to stop it at the
> firewall.

Or disable NetBIOS over TCP/IP. NetBIOS can run as the only protocol in the
network (if you have the protocol installed). The danger is NetBIOS
over TCP/IP, which has been vulnerable. Disable it, and then there should not
be any IP-NetBIOS traffic in the LAN.

Gerald
