
2003 Install 1


Blutch (IS-IT--Management, BE), Sep 19, 2002
I have a forest root installed. When I now want to upgrade an nt4 domain in another location (over two routers) it can't connect to the forest root. Do I have to have specific ports open for this to work?

Thx for any advice
 
Alright, I think I got them all. If you want to make sure it's secure, just use IPSec between your DCs and then you only have to open a few ports for the clients to connect... but this should be (or close to) the full list...
**********************************************

123 is used for time synchronization of clients with DCs

135 is used for Remote Procedure Call (RPC) communications

137, 138 and 139 are used for NetBIOS communications, which are required for Windows NT 4, Windows 9x, and Samba 2.x clients, collectively known as down-level clients. While Windows 2000 and above clients do not require the use of NetBIOS, many client applications such as Symantec AntiVirus and Microsoft Systems Management Server (SMS) do require NetBIOS resolution. NetBIOS support is also required for down-level clients to access resources on Windows 2000 and above clients.

389 is used by clients to perform LDAP queries of the Active Directory.

445 is used by the Server Message Block (SMB) protocol, which is used by Windows 2000 as a replacement for the NetBIOS protocol.

464 is used for the Kerberos Password V5 protocol.

636 is used for LDAP queries over SSL.

3268 is used for querying the Global Catalog of a DC via LDAP. The Global Catalog is a compilation of all objects in a given Active Directory environment.

3269 is used for performing Global Catalog LDAP queries using SSL.

3389 is used for Terminal Services, for the remote administration of DCs.

42 (TCP) is used for WINS replication.

53 is used for Domain Name System lookups.

88 is used for the Kerberos protocol, and is used by the Internet Key Exchange protocol to authenticate IPSec communications.

500 is for Internet Key Exchange (IKE), which is a protocol used by IPSec to securely negotiate security parameters (if the filter action indicates that security needs to be negotiated) and establish shared encryption keys after a packet is matched to a filter.

ICMP is used by Windows 2000 to determine whether a link between a client and another DC is “slow,” which affects which policies are applied to a system. DCs behave as clients of each other and will periodically ping each other during the application of policies. Some of this ICMP traffic has been known to trip IDS filters looking for large or fragmented ICMP packets, so care should be taken to make sure this traffic is allowed.
In the configuration of many Cisco routers that have IDS capabilities, the ICMP 2150 and 2151 signatures need to be modified to allow USGS clients only to send and receive pings to the DC. Windows 2000 tries to determine the speed of the link to the profile server by pinging the server with data. Windows pings the computer three times with no data and three times with 4 KB of data. If the response time from any of the pings is less than 10 milliseconds, the function assumes it to be a fast link (a LAN) and allows the Group Policy to be applied. According to Microsoft there is no alternative to this ICMP request.

2150 Fragmented ICMP Traffic (Attack, Atomic). Triggers when an IP datagram is received with the protocol field in the IP header set to 1 (ICMP) and either the more fragments flag is set to 1 (ICMP) or there is an offset indicated in the offset field.

2151 Large ICMP Traffic (Attack, Atomic). Triggers when an IP datagram is received with the protocol field in the IP header set to 1 (ICMP) and the IP length is greater than 1024.

50 is used by the Encapsulated Security Payload (ESP) portion of IPSec.

51 is used by the Authentication Header (AH) of IPSec.
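Added example, not part of this thread: a small stand-alone Python checker that attempts a TCP connect to each port from the list above against a DC, so the admin at the remote site can see which ports the two routers are dropping before starting the NT4 domain upgrade. The port table is transcribed from the post; the TCP/UDP labels are my addition from general knowledge of these services, not something the post states. UDP ports, ICMP, ESP (protocol 50) and AH (protocol 51) cannot be verified with a TCP connect and are only listed in the report. The DC hostname is a placeholder; the local-listener helpers exist only so the checker can be exercised offline.

```python
import socket
import sys
from typing import Dict, List, Tuple

# Port list transcribed from the post above. The TCP/UDP labels are an
# addition based on general knowledge of these services, not from the post.
DC_PORTS: List[Tuple[int, str, str]] = [
    (42, "tcp", "WINS replication"),
    (53, "tcp+udp", "DNS lookups"),
    (88, "tcp+udp", "Kerberos (also used by IKE to authenticate IPSec)"),
    (123, "udp", "time synchronization with DCs"),
    (135, "tcp", "RPC endpoint mapper"),
    (137, "udp", "NetBIOS name service"),
    (138, "udp", "NetBIOS datagram service"),
    (139, "tcp", "NetBIOS session service"),
    (389, "tcp+udp", "LDAP"),
    (445, "tcp", "SMB"),
    (464, "tcp+udp", "Kerberos password change"),
    (500, "udp", "IKE for IPSec"),
    (636, "tcp", "LDAP over SSL"),
    (3268, "tcp", "Global Catalog LDAP"),
    (3269, "tcp", "Global Catalog LDAP over SSL"),
    (3389, "tcp", "Terminal Services"),
]

# Items from the post that are IP protocols, not ports; a TCP connect cannot
# probe them, so the report just reminds the admin to allow them on the routers.
NON_TCP_ITEMS = ["ICMP (slow-link detection)", "IP protocol 50 (ESP)", "IP protocol 51 (AH)"]


def tcp_ports(table: List[Tuple[int, str, str]] = DC_PORTS) -> List[int]:
    """Ports from the table that a TCP connect can meaningfully test."""
    return [port for port, proto, _ in table if "tcp" in proto]


def udp_only_ports(table: List[Tuple[int, str, str]] = DC_PORTS) -> List[int]:
    """Ports that only exist on UDP; they need a router-side check instead."""
    return [port for port, proto, _ in table if proto == "udp"]


def check_tcp_port(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to host:port completes within the timeout.

    A refusal (RST) and a timeout both count as unreachable; a timeout usually
    means a router or firewall in between is silently dropping the SYN.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_dc_reachability(host: str, ports: List[int], timeout: float = 2.0) -> Dict[int, bool]:
    """Map each port to whether a TCP connect to the DC succeeded."""
    return {port: check_tcp_port(host, port, timeout) for port in ports}


def blocked_ports(results: Dict[int, bool]) -> List[int]:
    """Sorted list of the ports that did not answer."""
    return sorted(port for port, reachable in results.items() if not reachable)


def describe(port: int) -> str:
    """Human-readable label for a port from the table."""
    for p, proto, desc in DC_PORTS:
        if p == port:
            return f"{port}/{proto} {desc}"
    return f"{port}/tcp (not in table)"


def bind_local_listener() -> Tuple[socket.socket, int]:
    """Throwaway listener on 127.0.0.1, used only to self-test the checker."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def unused_local_port() -> int:
    """A port that was free a moment ago, to exercise the 'refused' path."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Usage: python check_dc_ports.py forestroot.example.internal  (placeholder name)
    target = sys.argv[1] if len(sys.argv) > 1 else "forestroot.example.internal"
    results = check_dc_reachability(target, tcp_ports())
    for port in sorted(results):
        print(f"{'open   ' if results[port] else 'BLOCKED'}  {describe(port)}")
    print("Not testable by TCP connect, verify on the routers:",
          ", ".join(f"{p}/udp" for p in udp_only_ports()) + ", " + ", ".join(NON_TCP_ITEMS))
```

Run it from a machine at the remote site against the forest root DC. A port that times out rather than being refused is the one to raise with whoever manages the two routers; a refused port means the packets arrive but the DC is not listening on it, which points at the server rather than the network.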
 
Thank you very much. I have a picture now of which ports I need open

Thx
 