Secure Deployment of a Windows 2000 laptop using Nessus and the ::
File Format: PDF/Adobe Acrobat - View as HTMLdmserver(Logical Disk manager), DNScache(DNS Client), Eventlog(Event Windows Update then reported that an additional hotfix now had to
http://www.cisecurity.org/Documents/Jeffrey_Bisko_GCWN.pdfHOME |
I'm pretty sure in the past I used to block this port but now all of sudden DNS ceases to function if I block it. Is this supposed to happen? FAQ: Miranda IM 0.3 - Версия для печати - Конференция iXBT.com::
ICQ: Cleaned up the code for searches and user info updates, should work better now. - ICQ: AIM users in your server contact list would get added locally
http://forum.ixbt.com/post.cgi?id=print:69:149&all=1HOME |
Tcp 1025 Opened By "system"?::
14 posts - Last post: Nov 29, 2003Stopt the svchost.exe proces and the port will go away but you wont i left that port blocked by a FW and could no longer access my ftp
http://www.governmentsecurity.org/archive/t2313.htmlHOME |
same goes for 1029
also, this doesn't make much sense. THe pic below shows Outpost blocking the DNS port even though I only blocked the mentioned local ports.
EDIT: Also, if I change the rules to just block inbound, it still blocks like below. microsoft.public.win2000.security: By Date::
Re: certificate revocation doesn't work John McCoy (01/30/03) Strange Connection/activity using svchost.exe -k bitsgroup itchy (01/23/03)
http://www.derkeiler.com/Newsgroups/microsoft.public.win2000.security/2003-01/date.htmlHOME |
Andyd,
Two points to make here: Be cautious when creating a ruleset for svchost. This performs some critical functions (like DNS and DHCP) in Windows XP so blocking it can result in your network connection being lost. Allowing it unrestricted access is almost as bad since it would leave your PC vulnerable to RPC/DCOM worms like MSBlast and their ilk. If you wish to create a ruleset for it, check out section E2 of 1 for a detailed recommendation. Do not specify a local port for an outgoing rule - these are dynamically assigned so you cannot predict what your rule will cover. Local ports should only be used for incoming rules (where the port at the other end is dynamic) - only remote ports should be specified for outgoing rules. Smokey's Security Forums • View topic - Suggestions for Jetico2 ::
So let's say you get a svchost receive datagram on local port 1026 (CAP, So I have three rules now for it DNS CLient, w32Time, and a block rule where I
http://www.smokey-services.eu/forum/viewtopic.php?f=51&t=1482&start=0HOME |
 Microsoft Unleashes Visual Studio .NET
 IBM's iPhrase Buy Adds to WebSphere
|
PRINT
Add to favorites