Click here to get back home

TCP/UDP Port Security Troubleshooting
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
TCP/UDP Port Security Troubleshooting Dana L. Stille 10-20-2005
Posted by Dana L. Stille on October 20, 2005, 12:46 pm
Please log in for more thread options
 : quoted-printable

Can anyone point me to a good resource for determining what TCP and UDP =
ports have been disabled, and how they were disabled. I am trying to =
find out if a GPO is closing ports, but I am having a hard time locating =
where these settings would be located. Any help would be appreciated. =
Thanks!

--=20
DANA STILLE
------=_NextPart_000_0032_01C5D574.3B9A0780
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1515" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Can anyone point me to a good resource =
for=20
determining what TCP and UDP ports have been disabled, and how they were =

disabled. I am trying to find out if a GPO is closing ports, but I am =
having a=20
hard time locating where these settings would be located. Any help would =
be=20
appreciated. Thanks!</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><BR>-- <BR>DANA =
STILLE</FONT></DIV></BODY></HTML>

------=
Posted by Miha Pihler [MVP] on October 20, 2005, 8:41 pm
Please log in for more thread options
 : quoted-printable

Hi Dana,

TCP and UDP ports are used by different services. E.g. IIS uses TCP port =
80 by default. If you shut down IIS on the server it will also stop =
listening (it will close) TCP port 80.=20
So -- if you are looking at closing ports you first have to figure out =
what service is using it and do you need it. If you don't need the =
service you can simply shut it down using group policy.=20

Still -- you can never shut down all services and close all the ports. =
In this case you might want to think about using Windows Firewall and =
control it using Group Policy.

Help: Administering Windows Firewall with Group Policy
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Se=
rverHelp/2f56f19e-b9da-4530-8772-f37d2302255e.mspx

--=20
Mike
Microsoft MVP - Windows Security

Can anyone point me to a good resource for determining what TCP and =
UDP ports have been disabled, and how they were disabled. I am trying to =
find out if a GPO is closing ports, but I am having a hard time locating =
where these settings would be located. Any help would be appreciated. =
Thanks!

--=20
DANA STILLE
------=_NextPart_000_005A_01C5D5B6.AE934B60
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2769" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi Dana,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>TCP and UDP ports are used by different =
services.=20
E.g. IIS uses TCP port 80 by default. If you shut down IIS on the server =
it will=20
also stop listening (it will close) TCP port 80. </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>So -- if you are looking at closing =
ports you first=20
have to figure out what service is using it and do you need it. If you =
don't=20
need the service you can simply shut it down using group policy. =
</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Still -- you can never shut down all =
services and=20
close all the ports. In this case you might want to think about using =
Windows=20
Firewall and control it using Group Policy.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Help: Administering Windows Firewall =
with Group=20
Policy</DIV></FONT>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"http://www.microsoft.com/technet/prodtechnol/windowsserver2003/li=
brary/ServerHelp/2f56f19e-b9da-4530-8772-f37d2302255e.mspx">http://www.mi=
crosoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/2f56=
f19e-b9da-4530-8772-f37d2302255e.mspx</A></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><BR>-- <BR>Mike<BR>Microsoft MVP - =
Windows=20
Security</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Dana L. Stille" &lt;<A=20
=
wrote in=20
message <A=20
=
3756@tk2msftngp13.phx.gbl</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>Can anyone point me to a good =
resource for=20
determining what TCP and UDP ports have been disabled, and how they =
were=20
disabled. I am trying to find out if a GPO is closing ports, but I am =
having a=20
hard time locating where these settings would be located. Any help =
would be=20
appreciated. Thanks!</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><BR>-- <BR>DANA=20
STILLE</FONT></DIV></BLOCKQUOTE></BODY></HTML>

------=
Posted by Steven L Umbach on October 21, 2005, 10:56 am
Please log in for more thread options
: quoted-printable

As Mike said ports are used by services and applications. Either the =
service or application can be stopped or the ports can be blocked via =
firewall or ipsec policy. If you do the command netstat -an and see the =
ports are listening or connected on the computer then he =
service/application is running and access to the ports are being blocked =
by firewall, ipsec policy, or tcp/ip filtering. To see if Group Policy =
is involved either by stopping services or using ipsec try running the =
Resultant Set of Policy mmc snapin for computers running Windows 2003 or =
XP Pro. For Windows 2000 computers you would have to use the support =
tool gpresult and may want to use the /v [gpresult /v>c:\myfile.txt to =
dump a report] switch to see what Group Policies and setting are being =
applied to the computer or users. --- Steve

http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;323276 --- =
Windows 2003 RSOP. It can also be run locally on an XP Pro computer.
Can anyone point me to a good resource for determining what TCP and =
UDP ports have been disabled, and how they were disabled. I am trying to =
find out if a GPO is closing ports, but I am having a hard time locating =
where these settings would be located. Any help would be appreciated. =
Thanks!

--=20
DANA STILLE
------=_NextPart_000_003E_01C5D62E.0D3E17E0
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2722" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>As Mike said ports are used by services =
and=20
applications. Either the service or application can be stopped or the =
ports can=20
be blocked via firewall or ipsec policy. If you do the command netstat =
-an and=20
see the ports are listening or connected on the computer then he=20
service/application is running and access to the ports are being blocked =
by=20
firewall, ipsec policy, or tcp/ip filtering. To see if Group Policy is =
involved=20
either by stopping services or using ipsec try running the Resultant Set =
of=20
Policy mmc snapin for computers running Windows 2003 or XP Pro. For =
Windows 2000=20
computers you would have to use the support tool gpresult and may want =
to use=20
the /v [gpresult /v&gt;c:\myfile.txt to dump a report] switch to see =
what Group=20
Policies and setting are being applied to the computer or =
users.&nbsp;&nbsp; ---=20
Steve</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;323276"=
>http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;323276</A>&nbs=
p;=20
--- Windows 2003 RSOP. It can also be run locally on an XP Pro=20
computer.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Dana L. Stille" &lt;<A=20
=
wrote in=20
message <A=20
=
3756@tk2msftngp13.phx.gbl</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>Can anyone point me to a good =
resource for=20
determining what TCP and UDP ports have been disabled, and how they =
were=20
disabled. I am trying to find out if a GPO is closing ports, but I am =
having a=20
hard time locating where these settings would be located. Any help =
would be=20
appreciated. Thanks!</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><BR>-- <BR>DANA=20
STILLE</FONT></DIV></BLOCKQUOTE></BODY></HTML>

------=
Posted by Roger Abell [MVP] on October 24, 2005, 7:45 am
Please log in for more thread options
Just as an added bit of info . . .
If you use resultant set of policy, trust it to let you know what
GPOs might be carrying IPsec policy to a specific machine.
Do not trust it to show you what IPsec policy is assigned to
the machine. Instead you need to rely on your own manual
documentation / change-control process as RSoP for IPsec
in an enterprise is severely broken.

Can anyone point me to a good resource for determining what TCP and UDP
ports have been disabled, and how they were disabled. I am trying to find
out if a GPO is closing ports, but I am having a hard time locating where
these settings would be located. Any help would be appreciated. Thanks!

--
DANA STILLE




Posted by Steven L Umbach on October 24, 2005, 11:45 am
Please log in for more thread options
Good point Roger! For those that are experiencing any troubles that they
believe may be ipsec related the link below from the domain isolation guide
is by far the best I know for troubleshooting Windows ipsec with some very
interesting scenarios that can be problematic. However it states somewhere I
believe that there is no available documentation to help interpret IKE
logging to the Oakley.log file.


http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/ipsecch7.mspx

> Just as an added bit of info . . .
> If you use resultant set of policy, trust it to let you know what
> GPOs might be carrying IPsec policy to a specific machine.
> Do not trust it to show you what IPsec policy is assigned to
> the machine. Instead you need to rely on your own manual
> documentation / change-control process as RSoP for IPsec
> in an enterprise is severely broken.
>
> Can anyone point me to a good resource for determining what TCP and UDP
> ports have been disabled, and how they were disabled. I am trying to find
> out if a GPO is closing ports, but I am having a hard time locating where
> these settings would be located. Any help would be appreciated. Thanks!
>
> --
> DANA STILLE
>




Similar ThreadsPosted
Port Number Security December 1, 2007, 10:08 am
port lockouts March 11, 2006, 1:13 pm
close 135 port two NIC October 5, 2006, 5:00 am
Authenticate USB PORT October 18, 2006, 6:49 am
Functions of Port 445? November 2, 2006, 11:35 pm
Port Disable January 2, 2007, 11:20 pm
telnet using port 443 February 28, 2007, 6:55 pm
PCAnywhere port forwarding ? September 23, 2005, 12:37 am
Which port to open on firewall? November 1, 2005, 1:44 pm
responses on port 41523 April 4, 2006, 4:16 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap