This document provides filter settings for network operators to review so that they can address security issues in their environment. They can then control the protocols and ports that are accessible on their servers running the Microsoft® Windows NT® Server operating system. Filter settings can be applied optionally on any of the following devices and software:
Note: This document contains information that requires periodic updates so that the latest information on this topic can be provided. Use this document as a reference, and check the original source locations for the most recent filter setting updates.
Network operators can apply the following registry key settings to control NetBIOS message and name-resolution behavior on any computer running the Microsoft® Windows NT® Server operating system.
These settings stop NetBIOS messages from being sent or received on a given server through the Messenger service. A Start value of 0x3 is a manual start, so neither the Alerter nor the Messenger service is started at boot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet
    \Alerter
        Start = REG_DWORD 0x3
    \Messenger
        Start = REG_DWORD 0x3
These settings prevent the system from requesting and responding to NetBIOS name-resolution lookups on User Datagram Protocol (UDP) ports 137 and 138 respectively. A NodeType of 0x2 is P-node: NetBIOS names are resolved through a WINS server only, so no name-resolution broadcasts are sent; EnableDNS 0x1 allows DNS to be consulted for NetBIOS names, and EnableLMHOSTS 0x0 disables LMHOSTS file lookups.
HKEY_LOCAL_MACHINE\System\CurrentControlSet
    \Browser
        Start = REG_DWORD 0x3
    \NetBT\Parameters
        EnableDNS = REG_DWORD 0x1
        EnableLMHOSTS = REG_DWORD 0x0
        NodeType = REG_DWORD 0x2
IP protocol numbers used in the table below:
    TCP = 6
    UDP = 17
    GRE (used by PPTP) = 47
Service | Protocol | Client/Server request port | Service port in | Service port out
--- | --- | --- | --- | ---
Browsing of NetBIOS over TCP/IP | UDP (requests) | 137 | 137 | 137
Browsing of NetBIOS over TCP/IP | UDP (datagram responses) | 138 | 138 | 138
Content replication service | TCP | 507 | |
Cybercash | TCP (credit gateway) | 8000 | |
Cybercash | TCP (admin) | 8001 | |
Cybercash | TCP (coin gateway) | 8002 | |
DHCP lease | TCP (request) | 67 | |
DHCP lease | TCP (response) | 68 | |
DNS (client to server lookup) | TCP or UDP (depends on software) | 1024-5000 | 53 | 53
DNS (server to server lookup) | TCP or UDP (depends on software) | 53 | 53 | 53
DNS (primary to secondary zone transfer) | TCP | 53 | 53 | 1024-5000
DNS (primary to secondary SOA record transfer) | UDP | 53 | 53 | 53
File shares | UDP (name lookup) | 137 | |
File shares | TCP (session) | 139 | |
FTP-data | TCP | 20 | |
FTP | TCP | 21 | |
HTTP | TCP | 80 | |
HTTP-Secure Sockets Layer (SSL) | TCP | 443 | |
IMAP4 | TCP | 143 | |
IRC | TCP | 531 | |
ISPMOD (SBS 2nd tier DNS registration wizard) | TCP | 1234 | |
LDAP | TCP | 389 | |
LDAP (SSL) | TCP | 636 | |
Membership DPA | TCP | 568 | |
Membership MSN | TCP | 569 | |
Microsoft Chat (michat) | TCP (server to server) | 6665 | |
Microsoft Chat (michat) | TCP (client to server) | 6667 | |
NetBT | UDP (name lookups) | 137 | |
NetBT | UDP (datagrams) | 138 | |
NetBT | TCP (service sessions) | 139 | |
NetMeeting | TCP (user location service) | 522 | |
NetMeeting | TCP (T.120) | 1503 | |
NetMeeting | TCP (audio call control) | 1731 | |
NetMeeting | UDP (RTP audio stream) | Dynamic | |
NetShow (with protocol rollover) | UDP | Tcp/1755 | Tcp/1755 | Udp/1755
NetShow (with protocol rollover) | TCP | 1755 | 1755 |
NetShow (with protocol rollover) | HTTP | 80 | 80 | 80
NetShow (with protocol rollover) | Multicast 224.0.0.1-239.255.255.255 | 1-65000 | 1-65000 | 1-65000
NetShow (with protocol rollover) | DCOM | 135 | 135 | 1024-5000
NNTP | TCP | 119 | |
POP3 | TCP | 110 | |
PPTP | PPTP (protocol 47, GRE) | 1723 | |
Printer sharing | UDP (name lookup) | 137 | |
Printer sharing | TCP (session) | 139 | |
RADIUS | UDP (authentication) | 1645 or 1812 | |
RADIUS | UDP (accounting) | 1646 or 1813 | |
Referral.microsoft.com (for Internet Explorer and SBS signup referrals) | TCP | 80 | |
RPC (for example, UserMgr, SrvMgr, and so on) | TCP (port mapper) | 135 | |
RPC (for example, UserMgr, SrvMgr, and so on) | TCP (session ports) | Dynamic | |
SMTP | TCP | 25 | |
SNMP | UDP | 161 | |
SNMP trap | UDP | 162 | |
SQL Server (named pipes client; supports encryption over NetBEUI, IPX/SPX, TCP/IP) | UDP (name lookup) | 137 | |
SQL Server (named pipes client) | TCP (session) | 139 | |
SQL Server (TCP client) | UDP/TCP (name lookup) | 53 | |
SQL Server (TCP client) | TCP (session) | 1433 | |
SQL Server (RPC client; supports encryption over NetBEUI, IPX/SPX, TCP/IP) | UDP (name lookup) | 137 | |
SQL Server (RPC client) | TCP (session mapper) | 135 | |
SQL Server (RPC client) | TCP (session) | 1024-5000 | |
SQL Server (RPC client using a fixed port; see Knowledge Base article 164667) | TCP (session queries) | 1500 | |
SQL Server (RPC client using a fixed port; see Knowledge Base article 164667) | TCP (session replication) | 2500 | |
Telnet | TCP | 23 | |
WINS registration | UDP (NetBIOS over TCP/IP name service) | 137 | |
WINS replication | TCP | 42 | |
Windows Challenge/Response authentication | TCP (NetBIOS over TCP/IP session service) | 139 | |
X.400 | TCP | 102 | |
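To turn the table into an actual filter policy, the following added Python example (not part of the original document) embeds a constructed subset of the rows above and derives the allow-list for a chosen set of exposed services, flagging rows a static port rule cannot express (dynamic RPC and RTP ports, the 1024-5000 range) and NetBIOS ports that the registry settings above are meant to close. The service names, the rule shape and the thresholds are this example's own assumptions.

```python
# Added example, not from the original document: derive a port-filter
# allow-list from a constructed subset of the service/port table above.
# Constructed subset of the table: (service, protocol, port spec), where a
# port spec is a single port, a "lo-hi" range, or "Dynamic".
PORT_TABLE = [
    ("File shares", "UDP", "137"),
    ("File shares", "TCP", "139"),
    ("HTTP", "TCP", "80"),
    ("HTTP-SSL", "TCP", "443"),
    ("DNS", "UDP", "53"),
    ("RPC", "TCP", "135"),
    ("RPC", "TCP", "Dynamic"),
    ("SQL Server (RPC client)", "TCP", "1024-5000"),
]
# NetBIOS name, datagram and session ports that the NetBT registry
# settings above are meant to stop the server from using.
NETBIOS_PORTS = {("UDP", 137), ("UDP", 138), ("TCP", 139)}

def parse_port_spec(spec):
    """Return (lo, hi) for a port or "lo-hi" range; None for "Dynamic"."""
    text = spec.strip().lower()
    if text == "dynamic":
        return None
    parts = text.split("-", 1)
    lo, hi = int(parts[0]), int(parts[-1])
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return lo, hi

def build_filter(exposed_services, table=PORT_TABLE):
    """Return (rules, warnings): rules are sorted (proto, lo, hi) tuples the
    filter must admit; warnings name rows a static port rule cannot cover
    or that reopen NetBIOS ports the hardening section expects closed."""
    rules, warnings = set(), []
    for service, proto, spec in table:
        if service not in exposed_services:
            continue
        rng = parse_port_spec(spec)
        if rng is None:  # dynamic ports need a fixed-port setup or stateful filtering
            warnings.append(f"{service}: {proto} port is dynamic")
            continue
        lo, hi = rng
        if hi - lo >= 1000:  # a wide range admits far more than one service
            warnings.append(f"{service}: wide range {lo}-{hi}/{proto}")
        if lo == hi and (proto, lo) in NETBIOS_PORTS:
            warnings.append(f"{service}: exposes NetBIOS port {proto}/{lo}")
        rules.add((proto, lo, hi))
    return sorted(rules), warnings
```

Feeding the full table into PORT_TABLE makes every exposed service either a concrete rule or an explicit warning, which is the review an operator needs before choosing filter settings.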
Information in this document, including URL and other Internet web site references, is subject to change without notice. The entire risk of the use or the results of the use of this resource kit remains with the user. This resource kit is not supported and is provided as is without warranty of any kind, either express or implied. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 1999-2000 Microsoft Corporation. All rights reserved.
Microsoft, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries/regions.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.