Audited an ISA 2000 - part I

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Doug Fox (dfox168_at_hotmail.com)
Date: 11/04/04 

Date: Thu, 4 Nov 2004 17:55:06 -0500

Did an internal and an external port scan on a production ISA 2000 server
and found the following ports opened, but seems quite unusual. Any
comments/suggestions are appreciated.

The external scan, i.e., scanning the server from the internet, which
reported the following ports are open:

TCP Ports
110 (POP3)
135 (DCE endpoint resolution)
139 (NETBIOS Session Service)
515 (Spooler
1027 (unknown or ICQ?)
3372 (Microsoft Distributed Transaction Coordinator (MSDTC) / TIP 2)
10000 Webmin / Network Data Management Protocol

UDP Port:
137 (NETBIOS Name Service)

The internal scan, i.e., scanning the server's internal interface, the
result is:

TCP Ports
135 (DCE endpoint resolution) (also appears on the external interface.)
139 (NETBIOS Session Service) (also appears on the external interface.)
445 (Microsoft-DS)
515 (Spooler) (also appears on the external interface.)
1027 (unknown) (also appears on the external interface.)
1080 (socks)
1745 (ISA Server proxy autoconfig / remote winsock)
3372 (Microsoft Distributed Transaction Coordinator (MSDTC) / TIP 2) (also
appears on the external interface.)
8080 (HTTP/HTTP Proxy)
10000 Webmin / Network Data Management Protocol (also appears on the
external interface.)

UDP Ports
137 (NETBIOS Name Service)(also appears on the external interface.)
2967 (SSC-AGENT / Norton Anti-virus)

I

Relevant Pages

  • Re: SBS 2003 Single NIC firewall settings
    ... Then run the CEICW wizard from the Server management console ... > make a RAS VPN connection or access the company web site (which, ... > Internet and RRAS/VPN. ... > find where I go to open ports. ...
    (microsoft.public.windows.server.sbs)
  • Re: Attacker used MDM to gain access to client PCs
    ... VNC is pretty good (for internal use, dont open a port to the internet to ... If remote can goto server / remote pc and then connect to user pc, ... Visit www.grc.com and chose Shields Up to test which ports are open... ...
    (microsoft.public.windows.server.sbs)
  • Re: external ports
    ... SuperGumby [SBS MVP] wrote: ... interface and internet, get multiple IP's on the external side. ... subnet as external and see if the ports are accessible. ... These are enabled on the server. ...
    (microsoft.public.windows.server.sbs)
  • Re: Unable to connect to RWW over internet
    ... We had ISA when we used SBS 2000, but he didn't install it when we upgraded. ... I checked with our T1 supplier and their router has all the ports opened. ... > communicate with the user on the internet. ... which secures communications from your server and a Web ...
    (microsoft.public.windows.server.sbs)
  • Re: I need help blocking music swapping services (by port numbers?)
    ... internet access for http or https because they will get ... If there is an internal email server, ... internet access through the firewall because all email ... If all ports at the firewall are -blocked- by default, ...
    (comp.security.firewalls)