September 9th, 2005, 06:44 AM
Port Blockers for Windows 2003 Server machine
Suggestions are invited on how to block individual ports on a Win2k3 Server machine.
Though most of the viruses and worms could be controlled (only temporarily) by disabling the unwanted services and using a proper firewall + AV mechanism, it has been seen that the worms use certain ports like 445, 1443, 135 etc. to communicate with peer machines...
Even though they can be cleaned, it seems that in Windows OS it will never be possible to plug all the vulnerable holes. You plug or patch one and another vulnerability pops up after a few weeks. This is an endless cycle of patch --> infected --> detect --> patch --> infected --> detect --> patch --> infected --> ... --> Retired.
Maybe blocking the individual ports may provide relief for some time.
So I require info on Port Blockers. Certainly there are many, but I have never used any till now. Maybe it is because I have been using Windows only for a long time now, and such tools are not recommended in such an environment. But certainly the *nix guys around on this forum may provide useful inputs.
September 9th, 2005, 07:56 AM
Why not just not use the vulnerable services? If you're not using them internally, there is no reason to have the services running. If you need them internally, but not externally, just block them at the firewall.
And always keep current with patches.
EDIT: Just to clarify, worms do not use specific "ports", they use specific services, which happen to be associated with ports.
September 9th, 2005, 01:37 PM
Any firewall that you can suggest for the Win 2003 server? The machine is also being used for hosting a portal. The portal is running on the Apache Tomcat web server.
We had activated the internal firewall and used third-party firewalls also, but in vain...
Because the firewalls seem to be interfering with the functioning of Tomcat also.
September 10th, 2005, 05:31 AM
Windows 2003 Server includes a great tool called IPSec; you can block traffic, encrypt traffic, etc.
"Poor planning on your part does not necessitate an emergency on my part." -Unknown
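The IPSec approach suggested in the last reply, as an added example that is not part of the original posts: a batch script that uses `netsh ipsec static` on Windows Server 2003 to block inbound TCP 135 and 445 while leaving all other traffic, including the Tomcat portal, untouched. The policy, filter list, filter action and rule names are made up for this example.

```bat
@echo off
rem Added example (not from the thread). Run from an administrator command prompt.
rem All object names below are hypothetical; choose your own.
set POLICY=Block-Inbound-RPC-SMB
set FLIST=Inbound-135-445
set FACTION=Block-Action

rem 1. Create an empty local IPsec policy. It has no effect until assigned.
netsh ipsec static add policy name="%POLICY%" description="Block inbound TCP 135 and 445"

rem 2. Build a filter list matching traffic from any address to this machine.
rem    srcport=0 means "any source port". mirrored=no matches only the inbound
rem    direction, so this server can still act as an SMB/RPC client itself.
netsh ipsec static add filterlist name="%FLIST%"
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=135 mirrored=no description="Inbound TCP 135 (RPC endpoint mapper)"
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=445 mirrored=no description="Inbound TCP 445 (SMB)"

rem 3. Define the action applied to matching packets: drop them.
netsh ipsec static add filteraction name="%FACTION%" action=block

rem 4. Tie the filter list to the block action inside the policy.
netsh ipsec static add rule name="Block-135-445" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%"

rem 5. Assign the policy. Only one local IPsec policy can be assigned at a
rem    time, and a domain-assigned policy takes precedence over a local one.
netsh ipsec static set policy name="%POLICY%" assign=y

rem 6. Show what is now in effect.
netsh ipsec static show policy name="%POLICY%" level=verbose

rem Caveat: blocking 135/445 from "any" also stops file sharing and RPC-based
rem remote administration of this server. To keep them for an admin subnet,
rem add a second rule with a permit action and a more specific source address.

rem Roll back:
rem   netsh ipsec static set policy name="%POLICY%" assign=n
rem   netsh ipsec static delete policy name="%POLICY%"
```

Traffic that matches no filter is not touched by the policy, so the port Tomcat listens on needs no explicit allow rule here.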