Re: file sharing issue
From: Dmitry Korolyov [MVP] (d__k_at_removethispart.mail.ru)
Date: 04/06/04
- In reply to: Frodo: "Re: file sharing issue"
Date: Tue, 6 Apr 2004 16:41:45 -0700
Generally speaking, disabling NetBIOS won't allow you to achieve what you
want; plus, it is not a good idea to do hardening at the client side. You
should do it at the server side instead.
The following KB articles might help with the detailed port numbers:
http://support.microsoft.com/default.aspx?scid=kb;en-us;204279
http://support.microsoft.com/default.aspx?scid=kb;en-us;298804
Quote from the last one:
The following ports are associated with file sharing and server message
block (SMB) communications:
a. Microsoft file sharing SMB: User Datagram Protocol (UDP) ports from
135 through 139 and Transmission Control Protocol (TCP) ports from 135
through 139.
b. Direct-hosted SMB traffic without network basic input/output system
(NetBIOS) uses port 445 (TCP and UDP).
--
Dmitry Korolyov [d__k@removethispart.mail.ru]
MVP: Windows Server - Active Directory

"Frodo" <lyekw@cannonfareast.com> wrote in message
news:OawKbM%23GEHA.912@TK2MSFTNGP12.phx.gbl...
> Thanks for your reply.
> Can u elaborate in more details which are the ports should I filter under
> RRAS.
> I don't think i can filter entire subnet/network because all my servers
> residing within the same subnet/network.
> Another alternative, if i disabled the netbios under the VPN connection at
> client notebook, will it prevent them from accessing the resources??
>
> Thanks.
>
> "Dmitry Korolyov [MVP]" <d__k@removethispart.mail.ru> wrote in message
> news:u5ne6yvGEHA.3556@TK2MSFTNGP11.phx.gbl...
>> Yes, you will need to use packet filtering then. If you have routing set up
>> for your VPN connection, just removing "file and printer sharing" protocol
>> from VPN connection itself won't do any good - since you have a lan address
>> for that server and file and printer sharing is bound to that lan address,
>> VPN users will be able to use that address instead.
>> So you should block inbound packets with destination port 445 and network
>> address being the lan address of that server or entire subnet. This can be
>> done from RRAS console, see under General, "Inbound filters"
>>
>> "Frodo" <lyekw_cfe@hotmail.com> wrote in message
>> news:eQY1QbsGEHA.1272@TK2MSFTNGP12.phx.gbl...
>> > I have a DC configured as file & print sharing role.
>> > Win2k srv SP4.
>> > At the same time, this DC is a VPN server as well.
>> >
>> > Problem:
>> >
>> > How can i stop the remote vpn client from accessing the network
>> > resources while they are on vpn connection ?
>> >
>> > Thanks.
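An added example, not part of any post in this thread: a small Python model of an inbound filter list that drops matching packets and forwards everything else, used to check a planned rule set against the ports quoted from KB 298804 before entering it in the RRAS console. The addresses, function names and the port 389 check are constructed assumptions; the code does not configure RRAS.

```python
import ipaddress
from dataclasses import dataclass

# Ports quoted in the thread from KB 298804: 135-139 and 445, TCP and UDP.
SMB_PORTS = [*range(135, 140), 445]
PROTOCOLS = ("tcp", "udp")

@dataclass(frozen=True)
class DropFilter:
    proto: str
    dst_net: ipaddress.IPv4Network
    dst_port: int

def build_filters(dst_cidr, ports=SMB_PORTS, protocols=PROTOCOLS):
    """One drop entry per (protocol, port) for the protected destination."""
    net = ipaddress.ip_network(dst_cidr)
    return [DropFilter(proto, net, port) for proto in protocols for port in ports]

def allowed(filters, proto, dst_ip, dst_port):
    """Default-forward list: a packet passes unless some entry matches it."""
    ip = ipaddress.ip_address(dst_ip)
    return not any(f.proto == proto and f.dst_port == dst_port and ip in f.dst_net
                   for f in filters)

def coverage_gaps(filters, dst_ip):
    """(protocol, port) pairs from the KB list that still reach dst_ip."""
    return [(proto, port) for proto in PROTOCOLS for port in SMB_PORTS
            if allowed(filters, proto, dst_ip, port)]

# Constructed addresses (assumptions): the DC/file server and a second
# server on the same LAN subnet, as in the situation described above.
FILE_SERVER = "192.168.10.5"
OTHER_SERVER = "192.168.10.6"

if __name__ == "__main__":
    only_445 = build_filters(FILE_SERVER + "/32", ports=[445], protocols=["tcp"])
    host_only = build_filters(FILE_SERVER + "/32")
    print("gaps with TCP 445 only:", coverage_gaps(only_445, FILE_SERVER))
    print("gaps with the full list:", coverage_gaps(host_only, FILE_SERVER))
    print("other server on 445:", allowed(host_only, "tcp", OTHER_SERVER, 445))
    print("LDAP (389) to the DC:", allowed(host_only, "tcp", FILE_SERVER, 389))
```

A /32 destination limits the block to the one server, so other hosts on the same subnet stay reachable; passing the subnet in CIDR form instead covers all of them.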