Windows 2000 server, TCP/IP filtering

Permit Only - TCP Ports
  20   - FTP (data)
  21   - FTP (control)
  25   - SMTP
  80   - HTTP
  110  - POP3
  443  - HTTPS
  1723 - PPTP
  3389 - Terminal Services
  5631 - PCAnywhere

Permit Only - UDP Ports
  53   - DNS
  123  - NTP (Time Service)
  5632 - PCAnywhere

Permit Only - IP Protocols
  1  - ICMP (Ping, etc)
  6  - TCP
  17 - UDP
  47 - PPTP (GRE)

Notes: TCP/IP Filtering only filters inbound packets (outbound traffic is not touched) and keeps no state, so an inbound UDP datagram is accepted only if its destination port is on the list; replies to UDP queries this host sends from an ephemeral port come back to that port and are dropped. Keep 6 (TCP) and 17 (UDP) in the IP-protocol list, otherwise the TCP and UDP lists are never reached.

-----------------------------------------------------
Quick port reference from Netmon\Parsers\tcpip.ini + manual

IP
  1  = ICMP
  2  = IGMP
  6  = TCP
  17 = UDP
  47 = GRE
  89 = OSPF

TCP
  20   = FTP (data)
  21   = FTP (control)
  23   = TELNET
  25   = SMTP
  53   = DNS
  79   = FINGER
  80   = HTTP
  102  = ISO (ISO-TSAP)
  111  = RPC (Sun portmapper)
  119  = NNTP
  135  = RPC endpoint mapper (MS-RPC, "NetBIOS remote procedure call")
  137  = NBT, 1000 (name service)
  138  = NBT, 1002 (datagram)
  139  = NBT, 1001 (session)
  389  = LDAP
  443  = HTTPS
  1024 = NBT, 1001
  1026-1029 Unassigned
  1033-1046 Unassigned
  1047 = NBT, 1001
  1362 = TDS
  1433 = TDS (SQL Server)
  1723 = PPTP

UDP
  37   = Time
  53   = DNS
  67   = DHCP (server)
  68   = DHCP (client)
  111  = RPC (Sun portmapper)
  123  = NTP (Network Time Protocol)
  137  = NBT, 1000 (name service)
  138  = NBT, 1002 (datagram)
  139  = NBT, 1001 (session; actually TCP only)
  161  = SNMP
  162  = SNMP trap
  520  = RIP
  2049 = NFS (over Sun RPC)

-----------------------------------------------------
Specific TCP/IP Port info (protocol, direction, local port, remote port)

FTP           TCP  both  local 20       dest any
              TCP  in    local 21       dest any
FTP passive   TCP  both  local dynamic  dest any
SMTP          TCP 25
DNS           UDP 53
DHCP          UDP (not TCP)  both  local 68  dest 67
HTTP          TCP 80
PPTP          GRE (IP protocol 47) and TCP 1723
NetBIOS NS    UDP 137-139 (name service is 137, datagram 138; the session service on 139 is TCP)
PCAnywhere    TCP 5631, UDP 5632
Identd        TCP  both  local 113 (ident)  dest any
              Some applications, such as File Transfer Protocol (FTP) or Internet Relay Chat (IRC) servers, query ident on the client (see the Identd KB link below).
Morpheus      TCP  both  local any  remote 110; local any  remote 1214

-----------------------------------------------------
From MS KB article #150543: Windows NT, Terminal Server, and Microsoft Exchange Services Use TCP/IP Ports

List of Ports Used by Windows NT version 4.0 services:

Function                 Static ports
--------                 ------------
Browsing                 UDP:137,138
DHCP Lease               UDP:67,68
DHCP Manager             TCP:135
Directory Replication    UDP:138 TCP:139
DNS Administration       TCP:135
DNS Resolution           UDP:53
Event Viewer             TCP:139
File Sharing             TCP:139
Logon Sequence           UDP:137,138 TCP:139
NetLogon                 UDP:138
Pass Through Validation  UDP:137,138 TCP:139
Performance Monitor      TCP:139
PPTP                     TCP:1723 IP Protocol:47 (GRE)
Printing                 UDP:137,138 TCP:139
Registry Editor          TCP:139
Server Manager           TCP:139
Trusts                   UDP:137,138 TCP:139
User Manager             TCP:139
WinNT Diagnostics        TCP:139
WinNT Secure Channel     UDP:137,138 TCP:139
WINS Replication         TCP:42
WINS Manager             TCP:135
WINS Registration        TCP:137

List of Ports Used by Terminal Server Clients:

RDP Client (Microsoft)   TCP:3389 (Pre Beta2: 1503)
ActiveX Client (TSAC)    TCP:80, 3389
ICA Client (Citrix)      TCP:1494
NOTE: Terminal Server uses port 3389

Additional Ports Used by Windows 2000 services:

Direct Hosting of SMB Over TCP/IP   TCP,UDP: 445
IPSec: ISAKMP                       UDP: 500
       ESP                          IP Protocol 50
       AH                           IP Protocol 51
Kerberos                            TCP,UDP: 88
RSVP                                IP Protocol 46

-----------------------------------------------------
Unusual Addresses Like 1.10.0.184 Showing in WINS Database - WAN wrapper binding before NIC
  http://support.microsoft.com/support/kb/articles/Q156/2/04.asp
PPTP and Interoperability with Other Local Machine Services - old info
  http://support.microsoft.com/support/kb/articles/Q164/0/52.asp
Using Proxy Server with Routing and Remote Access - used for initial setup
  http://support.microsoft.com/support/kb/articles/Q169/5/48.ASP
Internet Control Message Protocol (ICMP) Basics
  http://support.microsoft.com/support/kb/articles/Q170/2/92.ASP
Common Packet Filters - good reference, but limited
  http://support.microsoft.com/support/kb/articles/Q174/7/85.ASP
Using PPTP, RRAS, and Proxy Server 2.0 - confusing, but says PPTP from LAN to WAN won't work
  http://support.microsoft.com/support/kb/articles/Q176/9/24.ASP
Identd Packet Filter Required for Some Applications
  http://support.microsoft.com/support/kb/articles/Q176/9/46.ASP
Configuring RRAS Filters to Permit a One-Way Ping
  http://support.microsoft.com/support/kb/articles/Q181/3/47.ASP
Co-locating DNS Server and Proxy Server - good
  http://support.microsoft.com/support/kb/articles/Q181/4/18.ASP
Using Passive FTP Through a Firewall with Netscape Navigator
  http://support.microsoft.com/support/kb/articles/Q239/5/33.ASP
Cannot Renew IP Address in Proxy Server 2.0 with External Adapter That Obtains IP Address from DHCP - required with direct connect to Road Runner
  http://support.microsoft.com/support/kb/articles/Q252/4/32.ASP
Proxy 2.0 Packet Filtering May Not Allow Dynamic IP on External NIC
  http://support.microsoft.com/support/kb/articles/Q259/6/37.ASP

-----------------------------------------------------
Port Numbers

The port numbers are divided into three ranges: the Well-Known Ports, the Registered Ports, and the Dynamic and/or Private Ports. The Well-Known Ports are those from 0 through 1023. The Registered Ports are those from 1024 through 49151. The Dynamic and/or Private Ports are those from 49152 through 65535. IANA maintains the list on their Web site at:
http://www.iana.org/assignments/port-numbers

-----------------------------------------------------
Note for Network Monitor (the steps edit Netmon's parser file, not Performance Monitor)

To view PPTP and GRE packets, follow these steps (Q164601):
  edit %systemroot%\system32\Netmon\Parsers\tcpip.ini
  find:       5678 = PPTP
  change to:  1723 = PPTP
  save and exit

-----------------------------------------------------
Packet filter ruleset (chain, action, protocol, ports/addresses, interface; rules are evaluated in order, so each "drop" line is the catch-all for the accepts above it)

# ICMP
input  accept icmp 0  internet        # Echo Reply
input  accept icmp 3  internet        # Destination Unreachable
input  accept icmp 11 internet        # Time Exceeded
output accept icmp 8  internet        # Echo Request
output accept icmp 30 internet        # type 30 = Traceroute (RFC 1393), rarely used
input  drop   icmp internet

# ssh and smtp initiated connections to %loc mail%
input  accept tcp 22 internet
input  accept tcp 25 internet
input  drop   tcp internet

# Allow ssh and smtp traffic from %loc mail% to the WAN
output accept tcp %loc mail% 22 internet
output accept tcp %loc mail% 25 internet

# Allow ftp going out
output accept tcp 1024:65535 21 internet
output accept tcp 1024:65535 20 internet

# Allow NETBIOS requests from our network !!!!
# not a good idea
output accept tcp 137:139 %WAN Net% %WAN Mask% internet
output accept udp 137:139 %WAN Net% %WAN Mask% internet

# Allow ssh, telnet, smtp, finger, http, pop-2, pop-3, nntp, imap, https,
# and certain other non-privileged ports to non-privileged ports
output accept tcp 1023:65535 22 internet
output accept tcp 1024:65535 23 internet
output accept tcp 1024:65535 25 internet
output accept tcp 1024:65535 79 internet
output accept tcp 1024:65535 80 internet
output accept tcp 1024:65535 109 internet
output accept tcp 1024:65535 110 internet
output accept tcp 1024:65535 119 internet
output accept tcp 1024:65535 143 internet
output accept tcp 1024:65535 443 internet
output accept tcp 1024:65535 1024:65535 internet

# Allow ntp, who, Kali, CuSeeMe, RealAudio on port 7070, traceroute replies
# (-b is the ipchains bidirectional flag)
input accept -p udp -sp 123 -dp 1024:65535 internet
input accept -p udp -sp 513 -dp 1024:65535 internet
input accept -b -p udp -sp 2213 -dp 1024:65535 internet
input accept udp 6666 1024:65535 internet
input accept udp 7648 7648 internet
input accept udp 7070 internet
input accept udp 33434:33500 1024:65535 internet
input drop internet                   # deny any other ip protocol

output accept -p udp -dp 53 internet  # dns lookup requests from DNS servers

# Allow ntp, who, Kali, CuSeeMe, RealAudio on port 7070, traceroute traffic out to the WAN
output accept udp 123 -sp 1024:65535 internet
output accept udp 513 -sp 1024:65535 internet
output accept udp 2213 -sp 1024:65535 internet
output accept udp 6666 -sp 1024:65535 internet
output accept udp 7648 -sp 7648 internet
output accept udp 7070 internet
output accept udp 33434:33500 -sp 1024:65535 internet
output drop internet

### Deny certain ip address ranges
output drop 127.0.0.0 255.0.0.0 internet
output drop 10.0.0.0 255.0.0.0 internet
output drop 172.16.0.0 255.240.0.0 internet
output drop 192.168.0.0:192.168.253.255 internet   # sample allows 192.168.254.0
output drop 192.168.255.0 255.255.255.0 internet
###
Note: listed after "output drop internet" (and after the broad accepts) these address-range drops never match in a first-match filter; put them ahead of the output accept lines so traffic to loopback and private address space is dropped before anything is accepted.

-----------------------------------------
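A stateless, first-match evaluation of two rule sets taken from these notes, as an added example (not code from the page or from Microsoft): the Windows 2000 TCP/IP Filtering "Permit Only" lists at the top of the page, modelled as inbound-only rules, and an abridged copy of the output chain above in page order. It shows the two caveats that matter in practice: a UDP reply to this host's own query is dropped by the permit list because nothing tracks state, and the "Deny certain ip address ranges" drops are unreachable behind the catch-all "output drop internet" until they are moved ahead of the accepts. The Rule and Packet classes, evaluate() and dead_rules(), the network 203.0.113.0/24 standing in for %WAN Net% %WAN Mask%, and the sample packets are this example's own constructions; checking every packet by destination port is a simplification of what the Windows filter does.

```python
"""Stateless, first-match packet-filter evaluation over two rule sets from these notes.
Added example, not code from the page; classes, evaluator, WAN placeholder and packets are constructed here."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

PortRange = Optional[Tuple[int, int]]   # None means "any port"


@dataclass(frozen=True)
class Packet:
    chain: str       # "input" (arriving on the WAN side) or "output" (leaving)
    proto: str       # "tcp", "udp", "icmp" or "gre"
    src: str
    dst: str
    sport: int = 0   # 0 for protocols without ports
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    chain: str
    action: str                  # "accept" or "drop"
    proto: Optional[str] = None  # None matches any protocol
    sport: PortRange = None
    dport: PortRange = None
    dst: Optional[str] = None    # destination network (CIDR); None matches any
    note: str = ""

    def matches(self, p: Packet) -> bool:
        if self.chain != p.chain:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.sport is not None and not self.sport[0] <= p.sport <= self.sport[1]:
            return False
        if self.dport is not None and not self.dport[0] <= p.dport <= self.dport[1]:
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        return True


def evaluate(rules: List[Rule], p: Packet, default: str = "drop") -> Tuple[str, str]:
    """First matching rule decides (ipchains semantics); no connection state is kept."""
    for r in rules:
        if r.matches(p):
            return r.action, r.note
    return default, "default policy"


def dead_rules(rules: List[Rule]) -> List[str]:
    """Notes of rules that can never fire because an earlier catch-all rule
    (no protocol, ports or network) in the same chain already matches everything."""
    dead, shadowed = [], set()
    for r in rules:
        if r.chain in shadowed:
            dead.append(r.note)
        elif (r.proto, r.sport, r.dport, r.dst) == (None, None, None, None):
            shadowed.add(r.chain)
    return dead


# Windows 2000 TCP/IP Filtering "Permit Only" lists, modelled as inbound-only rules
# (the real filter never sees outbound traffic; here every inbound packet is checked by dport).
WIN2K_TCP = [20, 21, 25, 80, 110, 443, 1723, 3389, 5631]
WIN2K_UDP = [53, 123, 5632]
WIN2K_INBOUND: List[Rule] = (
    [Rule("input", "accept", "tcp", dport=(p, p), note=f"tcp/{p}") for p in WIN2K_TCP]
    + [Rule("input", "accept", "udp", dport=(p, p), note=f"udp/{p}") for p in WIN2K_UDP]
    + [Rule("input", "accept", "icmp", note="ip proto 1"),
       Rule("input", "accept", "gre", note="ip proto 47")]
)

# Output chain from the ruleset above, abridged and in page order.
WAN_NET = "203.0.113.0/24"   # assumed stand-in for %WAN Net% %WAN Mask%
HI = (1024, 65535)
EGRESS_AS_WRITTEN: List[Rule] = (
    [Rule("output", "accept", "tcp", sport=HI, dport=(p, p), note=f"tcp to {p}")
     for p in (22, 23, 25, 79, 80, 110, 119, 143, 443)]
    + [Rule("output", "accept", "tcp", sport=(137, 139), dst=WAN_NET, note="netbios to WAN (not a good idea)"),
       Rule("output", "accept", "tcp", sport=HI, dport=HI, note="unprivileged to unprivileged"),
       Rule("output", "accept", "udp", dport=(53, 53), note="dns"),
       Rule("output", "drop", note="catch-all drop")]
    # The page carves 192.168.254.0/24 out of 192.168/16; collapsed to the whole /16 here.
    + [Rule("output", "drop", dst=net, note=f"anti-spoof {net}")
       for net in ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
)


def fixed_egress() -> List[Rule]:
    """The same chain with the address-range drops moved ahead of every accept."""
    spoof = [r for r in EGRESS_AS_WRITTEN if r.note.startswith("anti-spoof")]
    return spoof + [r for r in EGRESS_AS_WRITTEN if not r.note.startswith("anti-spoof")]


# Constructed sample packets (TEST-NET addresses).
DNS_REPLY  = Packet("input", "udp", "198.51.100.53", "203.0.113.10", sport=53, dport=1045)
RDP_IN     = Packet("input", "tcp", "198.51.100.7", "203.0.113.10", sport=1300, dport=3389)
TELNET_IN  = Packet("input", "tcp", "198.51.100.7", "203.0.113.10", sport=1301, dport=23)
TO_PRIVATE = Packet("output", "tcp", "203.0.113.10", "10.1.2.3", sport=1050, dport=80)
SMB_OUT    = Packet("output", "tcp", "203.0.113.10", "203.0.113.99", sport=139, dport=1200)

if __name__ == "__main__":
    print("win2k permit-only, DNS reply to ephemeral port:", evaluate(WIN2K_INBOUND, DNS_REPLY))
    print("win2k permit-only, inbound RDP:              ", evaluate(WIN2K_INBOUND, RDP_IN))
    print("egress as written, tcp/80 to 10.1.2.3:       ", evaluate(EGRESS_AS_WRITTEN, TO_PRIVATE))
    print("egress fixed,      tcp/80 to 10.1.2.3:       ", evaluate(fixed_egress(), TO_PRIVATE))
    print("egress as written, SMB session to WAN:       ", evaluate(EGRESS_AS_WRITTEN, SMB_OUT))
    print("unreachable rules:", dead_rules(EGRESS_AS_WRITTEN))
```

The dead-rule check only recognises a bare catch-all as a shadowing rule, which is exactly the shape of "output drop internet"; a full shadowing analysis would have to compare port ranges and networks rule by rule.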
List of well known ports, from Proxy Server 2.0 (protocol definitions: PrimaryPort=port,direction,protocol; SecondaryPorts=lo-hi,direction,protocol;...)

AlphaWorld             PrimaryPort=5670,OUT,TCP   SecondaryPorts=80-80,OUT,TCP;3000-3050,IN,UDP;3000-3050,OUT,UDP;7000-7999,OUT,TCP;7000-7999,OUT,UDP;
AOL                    PrimaryPort=5190,OUT,TCP
Archie                 PrimaryPort=1525,OUT,UDP   SecondaryPorts=0-0,IN,UDP;
DNS                    PrimaryPort=53,OUT,UDP     SecondaryPorts=0-0,IN,UDP;
Echo (TCP)             PrimaryPort=7,OUT,TCP
Echo (UDP)             PrimaryPort=7,OUT,UDP
Enliven                PrimaryPort=537,OUT,TCP
Finger                 PrimaryPort=79,OUT,TCP
FTP                    PrimaryPort=21,OUT,TCP     SecondaryPorts=0-0,IN,TCP;1025-5000,OUT,TCP;32768-65535,OUT,TCP;
Gopher                 PrimaryPort=70,OUT,TCP
HTTP                   PrimaryPort=80,OUT,TCP
HTTP-S                 PrimaryPort=443,OUT,TCP
ICQ                    PrimaryPort=4000,OUT,UDP   SecondaryPorts=0-0,IN,TCP;0-0,IN,UDP;1025-5000,IN,TCP;1025-5000,OUT,TCP;
IMAP4                  PrimaryPort=143,OUT,TCP
IRC                    PrimaryPort=6667,OUT,TCP
LDAP                   PrimaryPort=389,OUT,TCP
MS NetShow             PrimaryPort=1755,OUT,TCP   SecondaryPorts=1025-5000,IN,UDP;
MSN                    PrimaryPort=569,OUT,TCP
Net2Phone              PrimaryPort=6801,OUT,UDP   SecondaryPorts=0-0,IN,TCP;0-0,IN,UDP;1025-5000,OUT,UDP;
Net2Phone registration PrimaryPort=6500,OUT,TCP
NNTP                   PrimaryPort=119,OUT,TCP
POP3                   PrimaryPort=110,OUT,TCP
Real Audio (7070)      PrimaryPort=7070,OUT,TCP   SecondaryPorts=6770-6770,OUT,UDP;6970-7170,IN,UDP;
Real Audio (7075)      PrimaryPort=7075,OUT,TCP   SecondaryPorts=6770-6770,OUT,UDP;6970-7170,IN,UDP;
SMTP (client)          PrimaryPort=25,OUT,TCP
Telnet                 PrimaryPort=23,OUT,TCP
Time (TCP)             PrimaryPort=37,OUT,TCP     SecondaryPorts=0-0,IN,UDP;
VDOLive                PrimaryPort=7000,OUT,TCP   SecondaryPorts=0-0,IN,UDP;
VXtreme                PrimaryPort=12468,OUT,TCP  SecondaryPorts=0-0,IN,UDP;1025-5000,IN,UDP;1025-5000,OUT,UDP;32768-65535,OUT,UDP;
WhoIs                  PrimaryPort=43,OUT,TCP
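A parser and audit for the Proxy Server 2.0 protocol-definition lines listed above, as an added example (not Microsoft's code). It turns each entry into its primary and secondary port specifications and flags definitions whose SecondaryPorts accept an inbound connection on an unbounded range, which is the part of such a definition worth reviewing before enabling the protocol. Reading "0-0" as "any port" is this example's assumption, as are the PortSpec/ProtocolDef, parse_entry() and audit() names; the sample lines are copied from the list.

```python
"""Parser and audit for Proxy Server 2.0 protocol definitions as listed above.
Added example, not Microsoft's code. Entry format (as on the page):
    <name> PrimaryPort=<port>,<IN|OUT>,<TCP|UDP> [SecondaryPorts=<lo>-<hi>,<dir>,<proto>;...]
Reading "0-0" as "any port" is this example's assumption."""
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class PortSpec:
    lo: int
    hi: int
    direction: str   # "IN" (accepted toward the client) or "OUT" (initiated by it)
    proto: str       # "TCP" or "UDP"

    @property
    def any_port(self) -> bool:
        return self.lo == 0 and self.hi == 0      # assumption: 0-0 means any port

    @property
    def width(self) -> int:
        return 65536 if self.any_port else self.hi - self.lo + 1


@dataclass(frozen=True)
class ProtocolDef:
    name: str
    primary: PortSpec
    secondary: Tuple[PortSpec, ...]


ENTRY_RE = re.compile(
    r"^(?P<name>.+?)\s+PrimaryPort=(?P<port>\d+),(?P<dir>IN|OUT),(?P<proto>TCP|UDP)"
    r"(?:\s+SecondaryPorts=(?P<sec>\S+))?\s*$"
)
SEC_RE = re.compile(r"^(\d+)-(\d+),(IN|OUT),(TCP|UDP)$")


def parse_entry(line: str) -> ProtocolDef:
    """Parse one definition line; raise ValueError on anything malformed or out of range."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised protocol definition: {line!r}")
    port = int(m["port"])
    if port > 65535:
        raise ValueError(f"primary port out of range in {m['name']!r}")
    primary = PortSpec(port, port, m["dir"], m["proto"])
    secondary = []
    for item in filter(None, (m["sec"] or "").split(";")):   # trailing ';' yields an empty item
        s = SEC_RE.match(item)
        if not s:
            raise ValueError(f"bad SecondaryPorts item {item!r} in {m['name']!r}")
        lo, hi = int(s[1]), int(s[2])
        if lo > hi or hi > 65535:
            raise ValueError(f"bad port range {item!r} in {m['name']!r}")
        secondary.append(PortSpec(lo, hi, s[3], s[4]))
    return ProtocolDef(m["name"], primary, tuple(secondary))


def inbound_ranges(d: ProtocolDef) -> List[PortSpec]:
    """Secondary ranges the proxy must accept inbound for this protocol."""
    return [s for s in d.secondary if s.direction == "IN"]


def audit(lines: List[str]) -> List[str]:
    """Names of definitions that accept an inbound secondary connection on any port."""
    return [d.name for d in map(parse_entry, lines)
            if any(s.any_port for s in inbound_ranges(d))]


# Sample lines copied from the Proxy Server 2.0 list above.
SAMPLE = [
    "AOL PrimaryPort=5190,OUT,TCP",
    "DNS PrimaryPort=53,OUT,UDP SecondaryPorts=0-0,IN,UDP;",
    "FTP PrimaryPort=21,OUT,TCP SecondaryPorts=0-0,IN,TCP;1025-5000,OUT,TCP;32768-65535,OUT,TCP;",
    "ICQ PrimaryPort=4000,OUT,UDP SecondaryPorts=0-0,IN,TCP;0-0,IN,UDP;1025-5000,IN,TCP;1025-5000,OUT,TCP;",
    "MS NetShow PrimaryPort=1755,OUT,TCP SecondaryPorts=1025-5000,IN,UDP;",
    "Real Audio (7070) PrimaryPort=7070,OUT,TCP SecondaryPorts=6770-6770,OUT,UDP;6970-7170,IN,UDP;",
]

if __name__ == "__main__":
    for line in SAMPLE:
        d = parse_entry(line)
        exposed = ", ".join(f"{s.proto} {s.lo}-{s.hi}" for s in inbound_ranges(d)) or "none"
        print(f"{d.name:20} primary {d.primary.proto}/{d.primary.lo:<6} inbound: {exposed}")
    print("any-port inbound:", audit(SAMPLE))
```

Entries such as MS NetShow or RealAudio open a bounded inbound UDP range and can be matched by an equally bounded packet filter; the ones audit() reports cannot, which is why they are the first to look at when the proxy sits on a filtered interface.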