|
Posted by J.S. on December 4, 2006, 1:40 am
Please log in for more thread options
Folks,
My netstat results show a connection from microsoft-ds to a port on my
server and another from that port to microsoft-ds. The microsoft site
doesn't seem to have much information about it.
Does this have any security implications?
Also, while looking for information on port 1383 I saw that the
description mentioned GW Hannaway Network License Manager. Is it ok to
have this port open on a windows 2003 server?
Thanks,
J.S.
|
|
Posted by Miha Pihler [MVP] on December 4, 2006, 4:14 am
Please log in for more thread options
Hi,
What information are you looking for? Microsoft-DS TCP port is TCP port 445.
This port is also commonly referred to as SMB or CIFS.
About 1383 port. Since Windows will often dynamically assign ports to
different services it is hard to tell what actually runs behind this port
(which service). Once way to find out is to run following command...
netstat -nb | more
It will display something like this...
TCP 10.10.190.74:1956 10.10.2.46:3389 ESTABLISHED 2072
[mstsc.exe]
This means that mstsc program is connecting from IP address 10.10.190.74 to
10.10.2.46 on TCP port 3389...
After you know which service is running on this port, you can decide if you
need it or if it can be shut down and disabled.
--
Mike
Microsoft MVP - Windows Security
show/hide quoted text
> Folks,
> My netstat results show a connection from microsoft-ds to a port on my
> server and another from that port to microsoft-ds. The microsoft site
> doesn't seem to have much information about it.
> Does this have any security implications?
> Also, while looking for information on port 1383 I saw that the
> description mentioned GW Hannaway Network License Manager. Is it ok to
> have this port open on a windows 2003 server?
> Thanks,
> J.S.
|
|
Posted by J.S. on December 4, 2006, 5:27 am
Please log in for more thread options Hi Mike,
Thanks for your response. I was just trying to figure out whether
something I saw in the netstat results was a likely security concern.
When I use only netstat the first two lines shows this:
Proto Local Address Foreign Address State
TCP myserver:microsoft-ds myserver:1383 Established
TCP myserver:1383 myserver:microsoft-ds Established
When I did netstat -nb | more, as you suggested I got this:
Proto Local Address Foreign Address State PID
TCP 127.0.0.1:445 127.0.0.1:1383 ESTABLISHED 4
[System]
TCP 127.0.0.1:1383 127.0.0.1:445 ESTABLISHED 4
[System]
I am not sure why my localhost is connecting to itself. Could it be
because I am running a DNS server? (I know my questions must seem very
silly to those who actually know about this stuff).
Could you recommend any specific resources to learn more about Windows
2003 server security?
Thanks,
J.S.
Miha Pihler [MVP] wrote:
show/hide quoted text
> Hi,
>
> What information are you looking for? Microsoft-DS TCP port is TCP port 445.
> This port is also commonly referred to as SMB or CIFS.
>
> About 1383 port. Since Windows will often dynamically assign ports to
> different services it is hard to tell what actually runs behind this port
> (which service). Once way to find out is to run following command...
>
> netstat -nb | more
>
> It will display something like this...
>
> TCP 10.10.190.74:1956 10.10.2.46:3389 ESTABLISHED 2072
> [mstsc.exe]
>
> This means that mstsc program is connecting from IP address 10.10.190.74 to
> 10.10.2.46 on TCP port 3389...
>
> After you know which service is running on this port, you can decide if you
> need it or if it can be shut down and disabled.
>
|
|
Posted by Miha Pihler [MVP] on December 4, 2006, 3:05 pm
Please log in for more thread options Hi,
Here are some good articles and white papers on security...
http://www.microsoft.com/security/default.mspx
Service overview and network port requirements for the Windows Server system
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017&Product=winsvr2003
Threats and Countermeasures
http://www.microsoft.com/technet/security/guidance/serversecurity/tcg/tcgch00.mspx
Windows Server 2003 Security Guide
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx
--
Mike
Microsoft MVP - Windows Security
show/hide quoted text
> Hi Mike,
> Thanks for your response. I was just trying to figure out whether
> something I saw in the netstat results was a likely security concern.
> When I use only netstat the first two lines shows this:
> Proto Local Address Foreign Address State
> TCP myserver:microsoft-ds myserver:1383 Established
> TCP myserver:1383 myserver:microsoft-ds Established
> When I did netstat -nb | more, as you suggested I got this:
> Proto Local Address Foreign Address State PID TCP 127.0.0.1:445
> 127.0.0.1:1383 ESTABLISHED 4
> [System]
> TCP 127.0.0.1:1383 127.0.0.1:445 ESTABLISHED 4
> [System]
> I am not sure why my localhost is connecting to itself. Could it be
> because I am running a DNS server? (I know my questions must seem very
> silly to those who actually know about this stuff).
> Could you recommend any specific resources to learn more about Windows
> 2003 server security?
> Thanks,
> J.S.
> Miha Pihler [MVP] wrote:
>> Hi,
>> What information are you looking for? Microsoft-DS TCP port is TCP port
>> 445. This port is also commonly referred to as SMB or CIFS.
>> About 1383 port. Since Windows will often dynamically assign ports to
>> different services it is hard to tell what actually runs behind this port
>> (which service). Once way to find out is to run following command...
>> netstat -nb | more
>> It will display something like this...
>> TCP 10.10.190.74:1956 10.10.2.46:3389 ESTABLISHED
>> 2072
>> [mstsc.exe]
>> This means that mstsc program is connecting from IP address 10.10.190.74
>> to 10.10.2.46 on TCP port 3389...
>> After you know which service is running on this port, you can decide if
>> you need it or if it can be shut down and disabled.
>>
|
|
Posted by J.S. on December 4, 2006, 3:13 pm
Please log in for more thread options Thanks, Mike. I appreciate the links.
J.S.
Miha Pihler [MVP] wrote:
show/hide quoted text
> Hi,
>
> Here are some good articles and white papers on security...
>
> http://www.microsoft.com/security/default.mspx
>
> Service overview and network port requirements for the Windows Server system
>
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017&Product=winsvr2003
show/hide quoted text
>
> Threats and Countermeasures
>
http://www.microsoft.com/technet/security/guidance/serversecurity/tcg/tcgch00.mspx
show/hide quoted text
>
> Windows Server 2003 Security Guide
>
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx
show/hide quoted text
>
|
| Similar Threads | Posted | | Netstat weird results | February 25, 2009, 8:36 pm |
| W2K netstat detects port 1433 is listenning but fport does NOT..., can't start mission critical sql server !!! | October 14, 2005, 1:20 pm |
| Windows 2000 Domain, Windows 2003 Enterprise CA | July 15, 2005, 2:07 pm |
| Windows 2008 CA can't issue to Windows 2003 server | June 25, 2008, 11:53 am |
| Windows server 2003 and Windows SBS Cost ? | August 25, 2005, 11:19 pm |
| Applying Windows 2003 policies to Windows XP | June 24, 2008, 2:34 pm |
| Windows 2003 PKI and Windows 2008 OCSP | January 20, 2009, 11:46 am |
| Windows 2008 CA in a Windows 2003 domain | July 31, 2009, 8:06 am |
| Is it possible to use the Windows 2003 user names instead of pre-Windows 2000 user names in Windows Authentication? | September 5, 2006, 9:27 am |
| Windows 2003 PKI | August 23, 2005, 9:51 am |
|
XML Sitemap
> My netstat results show a connection from microsoft-ds to a port on my
> server and another from that port to microsoft-ds. The microsoft site
> doesn't seem to have much information about it.
> Does this have any security implications?
> Also, while looking for information on port 1383 I saw that the
> description mentioned GW Hannaway Network License Manager. Is it ok to
> have this port open on a windows 2003 server?
> Thanks,
> J.S.