sonuteklists
Technical User
I am conducting a network security audit. I ran port scans on all relevent servers and desktop. I used superscan. It revealed a great deal of information, mainly open ports. I googled and referred to as well
for more information regarding ports. Though I got all the information about the ports, I wanted more info based on users perspective and experience. Do the following ports pose any threat and how is it relevant (for both Windows and Linux)? Most of the servers in question are web servers, directory services (AD), Mail servers, etc. Note that all servers are patched to the latest with latest AV definitions.
TCP Ports
I found the following ports open on almost all Windows machines, web, mail, AD. What exactly does this do. I didnt
specifically open any of the following. Should I block access to this? What will happen if I do? Can anyone kindly explain as I dont fully comprehend the practical implication of these open ports.
135 -> DCE endpoint resolution.
445 -> Microsoft DS.
593 -> Http rpc ep map
8000 -> HTTP/iRDMI
1025 -> Network Blackjack
1026 -> MSTASK/ Remote Login network terminal
1027 -> ?
1029 -> ?
4444 -> AdSubtract/ NV Video Default
7777 -> cbt (I dont have Oracle App Server running anywhere)
1080 -> Socks
514 -> Remote Shell (on Solaris)
540 -> uucpd (on Solaris)
UDP Ports
2967 -> SSC-Agent
1434 -> MS SQL Monitor (though I dont have SQL running on these machines on which the ports are open)
Combination of TCP and UDP Ports on the same machine
TCP 4444 + 135 + UDP 69 -> according to, it is a bad combination of open ports on the same machine. I have some machines which have these combo, but seem to running soundly.
Can anyone advice me what is the best way to control the ports on Windows and Linux. On Windows I can use the native firewall to allow or disallow certain ports for the interface, but what I cant do is, if multiple IPs are assigned to a interface, then to allow or disallow certain ports per IP. Likewise for Linux!! Can anyone advice if this is the best way to go ???
Please advice. I would be eternally greatful if anyone could guide me on this. Links, how-tos, would be great as well.
Thanks.
for more information regarding ports. Though I got all the information about the ports, I wanted more info based on users perspective and experience. Do the following ports pose any threat and how is it relevant (for both Windows and Linux)? Most of the servers in question are web servers, directory services (AD), Mail servers, etc. Note that all servers are patched to the latest with latest AV definitions.
TCP Ports
I found the following ports open on almost all Windows machines, web, mail, AD. What exactly does this do. I didnt
specifically open any of the following. Should I block access to this? What will happen if I do? Can anyone kindly explain as I dont fully comprehend the practical implication of these open ports.
135 -> DCE endpoint resolution.
445 -> Microsoft DS.
593 -> Http rpc ep map
8000 -> HTTP/iRDMI
1025 -> Network Blackjack
1026 -> MSTASK/ Remote Login network terminal
1027 -> ?
1029 -> ?
4444 -> AdSubtract/ NV Video Default
7777 -> cbt (I dont have Oracle App Server running anywhere)
1080 -> Socks
514 -> Remote Shell (on Solaris)
540 -> uucpd (on Solaris)
UDP Ports
2967 -> SSC-Agent
1434 -> MS SQL Monitor (though I dont have SQL running on these machines on which the ports are open)
Combination of TCP and UDP Ports on the same machine
TCP 4444 + 135 + UDP 69 -> according to, it is a bad combination of open ports on the same machine. I have some machines which have these combo, but seem to running soundly.
Can anyone advice me what is the best way to control the ports on Windows and Linux. On Windows I can use the native firewall to allow or disallow certain ports for the interface, but what I cant do is, if multiple IPs are assigned to a interface, then to allow or disallow certain ports per IP. Likewise for Linux!! Can anyone advice if this is the best way to go ???
Please advice. I would be eternally greatful if anyone could guide me on this. Links, how-tos, would be great as well.
Thanks.
