TCP/UDP Port Security Troubleshooting
Dana L. Stille
Posted: Thu Oct 20, 2005 4:51 pm    Post subject: TCP/UDP Port Security Troubleshooting

Can anyone point me to a good resource for determining what TCP and UDP ports have been disabled, and how they were disabled. I am trying to find out if a GPO is closing ports, but I am having a hard time locating where these settings would be located. Any help would be appreciated. Thanks!

--
DANA STILLE

Miha Pihler [MVP]
Posted: Thu Oct 20, 2005 8:51 pm    Post subject: Re: TCP/UDP Port Security Troubleshooting

Hi Dana,

TCP and UDP ports are used by different services. E.g. IIS uses TCP port 80 by default. If you shut down IIS on the server it will also stop listening on (it will close) TCP port 80.
So -- if you are looking at closing ports you first have to figure out what service is using it and whether you need it. If you don't need the service you can simply shut it down using group policy.

Still -- you can never shut down all services and close all the ports. In this case you might want to think about using Windows Firewall and control it using Group Policy.

Help: Administering Windows Firewall with Group Policy
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/2f56f19e-b9da-4530-8772-f37d2302255e.mspx

--
Mike
Microsoft MVP - Windows Security

"Dana L. Stille" <dlstille@southernco.com> wrote in message news:%23kE9DXZ1FHA.3756@tk2msftngp13.phx.gbl...
Can anyone point me to a good resource for determining what TCP and UDP ports have been disabled, and how they were disabled. I am trying to find out if a GPO is closing ports, but I am having a hard time locating where these settings would be located. Any help would be appreciated. Thanks!

--
DANA STILLE

Steven L Umbach
Posted: Fri Oct 21, 2005 4:51 pm    Post subject: Re: TCP/UDP Port Security Troubleshooting

As Mike said, ports are used by services and applications. Either the service or application can be stopped or the ports can be blocked via firewall or ipsec policy. If you do the command netstat -an and see the ports are listening or connected on the computer then the service/application is running and access to the ports is being blocked by firewall, ipsec policy, or tcp/ip filtering. To see if Group Policy is involved either by stopping services or using ipsec try running the Resultant Set of Policy mmc snapin for computers running Windows 2003 or XP Pro. For Windows 2000 computers you would have to use the support tool gpresult and may want to use the /v [gpresult /v>c:\myfile.txt to dump a report] switch to see what Group Policies and settings are being applied to the computer or users. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;323276 --- Windows 2003 RSOP. It can also be run locally on an XP Pro computer.
"Dana L. Stille" <dlstille@southernco.com> wrote in message news:%23kE9DXZ1FHA.3756@tk2msftngp13.phx.gbl...
Can anyone point me to a good resource for determining what TCP and UDP ports have been disabled, and how they were disabled. I am trying to find out if a GPO is closing ports, but I am having a hard time locating where these settings would be located. Any help would be appreciated. Thanks!

--
DANA STILLE
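
The netstat -an check described in the reply above, as an added example that is not part of any poster's message: it parses saved netstat -an output and reports, per port, whether nothing is bound (service stopped) or the port is in use locally (so any blocking is happening at the firewall, IPsec policy or TCP/IP filtering). The sample output, the function names and the result wording are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:3389          10.0.0.77:1045         ESTABLISHED
  UDP    0.0.0.0:500            *:*
  UDP    10.0.0.5:137           *:*
"""

# proto, local address, local port, foreign address, optional state (UDP rows have none)
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Return {(proto, local_port): set_of_states}; UDP sockets are recorded as 'BOUND'."""
    sockets = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, _local, port, _foreign, state = m.groups()
        sockets.setdefault((proto, int(port)), set()).add(state or "BOUND")
    return sockets


def triage(sockets, proto, port):
    """Classify one port the way the reply above reasons about netstat output."""
    states = sockets.get((proto.upper(), port))
    if not states:
        return "not listening: service/application is stopped or not installed"
    if states & {"LISTENING", "ESTABLISHED", "BOUND"}:
        return ("in use locally: if remote access fails, check firewall, "
                "IPsec policy and TCP/IP filtering")
    return "present but not accepting connections: " + ",".join(sorted(states))


if __name__ == "__main__":
    table = parse_netstat(SAMPLE_NETSTAT)
    for proto, port in [("tcp", 80), ("tcp", 21), ("udp", 500), ("tcp", 3389)]:
        print(proto.upper(), port, "->", triage(table, proto, port))
```

To use it on a real machine, redirect netstat -an to a file and pass the file's text to parse_netstat.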

Roger Abell [MVP]
Posted: Mon Oct 24, 2005 4:51 pm    Post subject: Re: TCP/UDP Port Security Troubleshooting

Just as an added bit of info . . .
If you use resultant set of policy, trust it to let you know what
GPOs might be carrying IPsec policy to a specific machine.
Do not trust it to show you what IPsec policy is assigned to
the machine. Instead you need to rely on your own manual
documentation / change-control process as RSoP for IPsec
in an enterprise is severely broken.

"Dana L. Stille" <dlstille@southernco.com> wrote in message
news:%23kE9DXZ1FHA.3756@tk2msftngp13.phx.gbl...
Can anyone point me to a good resource for determining what TCP and UDP
ports have been disabled, and how they were disabled. I am trying to find
out if a GPO is closing ports, but I am having a hard time locating where
these settings would be located. Any help would be appreciated. Thanks!

--
DANA STILLE

Steven L Umbach
Posted: Mon Oct 24, 2005 4:51 pm    Post subject: Re: TCP/UDP Port Security Troubleshooting

Good point Roger! For those that are experiencing any troubles that they
believe may be ipsec related the link below from the domain isolation guide
is by far the best I know for troubleshooting Windows ipsec with some very
interesting scenarios that can be problematic. However it states somewhere I
believe that there is no available documentation to help interpret IKE
logging to the Oakley.log file.


http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/ipsecch7.mspx

"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:uTQCRmK2FHA.2540@TK2MSFTNGP09.phx.gbl...
Quote:
Just as an added bit of info . . .
If you use resultant set of policy, trust it to let you know what
GPOs might be carrying IPsec policy to a specific machine.
Do not trust it to show you what IPsec policy is assigned to
the machine. Instead you need to rely on your own manual
documentation / change-control process as RSoP for IPsec
in an enterprise is severely broken.

"Dana L. Stille" <dlstille@southernco.com> wrote in message
news:%23kE9DXZ1FHA.3756@tk2msftngp13.phx.gbl...
Can anyone point me to a good resource for determining what TCP and UDP
ports have been disabled, and how they were disabled. I am trying to find
out if a GPO is closing ports, but I am having a hard time locating where
these settings would be located. Any help would be appreciated. Thanks!

--
DANA STILLE