Network Security Firewalls

RE: ISA + Iptables

Subject: RE: ISA + Iptables
Date: Thu, 17 Mar 2005 09:22:37 +0300
Hi.

You should enable the following protocols from ISA to DCs:

DNS (53/UDP)
Kerberos-Sec (88/UDP)
LDAP (143/UDP/TCP)
Microsoft CIFS (445/TCP) 
NTP (123/UDP)
Ping (8,0/ICMP)

Also, you should enable RPC:
RPC endpoint mapper (135/TCP) + additional dynamic port for NTDS.

You can bind NTDS to a static port (Q224196) by modifying the registry.
I usually use an administrative template to do it via group policy. The
template provided below can be used to bind NTDS and also Exchange's RPC
services to static ports.

How to use it:
1. Import template into GPO (Domain Controllers Policy for example)
2. Enable display of old-style policies (View - Filtering, and uncheck
"Only show policy settings that can be fully managed")
3. Set ports (Administrative Templates - Networks - Static RPC port
mapping - Domain controllers NTDS). The value should be in the high port
range (>1024), 52345 for example.
4. Update policy and reboot DCs.
5. Check the mapping (with portqry.exe for example)


<rpcpm.adm>

#if version >= 3
CLASS MACHINE

; Strings prefixed with !! are resolved from the [STRINGS] section below.
CATEGORY !!Network

CATEGORY !!PortMapping
                ; Exchange System Attendant: RFR and NSPI (address book) interfaces
                POLICY !!ExchangeNS
                        KEYNAME "System\CurrentControlSet\Services\MSExchangeSA\Parameters"
                        EXPLAIN !!PortMapping_E
                        PART !!RFR NUMERIC 
                                VALUENAME !!TCP 
                                MIN 1024 MAX 60000 DEFAULT 2000
                        END PART
                        PART !!NSPI NUMERIC 
                                VALUENAME !!TCPNSPI
                                MIN 1024 MAX 60000 DEFAULT 2001
                        END PART

                END POLICY
                ; Exchange Information Store interface
                POLICY !!ExchangeIS
                        KEYNAME "System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem"

                        PART !!IS NUMERIC 
                                VALUENAME !!TCP 
                                MIN 1024 MAX 5000 DEFAULT 2002
                        END PART
                END POLICY
                ; Domain controller NTDS (directory replication / DRS) interface, see Q224196
                POLICY !!DCDS
                        KEYNAME "System\CurrentControlSet\Services\NTDS\Parameters"

                        PART !!NTDS NUMERIC 
                                VALUENAME !!TCP 
                                MIN 1024 MAX 60000 DEFAULT 49152
                        END PART
                END POLICY
END CATEGORY

END CATEGORY

[STRINGS]

ExchangeNS=Exchange Name Services
ExchangeIS=Exchange Information Store
DCDS=Domain controllers NTDS
Network=Network configuration
PortMapping=Static RPC port mapping
RFR=SA Request For Response   (RFR) TCP port
NSPI=DS Name Service Provider  (NSPI) TCP port
IS=Exchange Information Store (IS) TCP port
NTDS=NT Directory Services
TCP="TCP/IP Port"
TCPNSPI="TCP/IP NSPI Port"
PortMapping_E=Used to map Exchange RPC services to static ports
#endif

</rpcpm.adm>

Regards,
Sergey V. Gordeychik,
MCSE, MCT, CISSP
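The "check the mapping" step above can also be done on the DC itself. The following script is an added example, not part of the original post: it reads the registry values the rpcpm.adm template writes, checks that each is inside the range the template allows, and confirms a local listener on that port. It assumes PowerShell 5.1 or later on Windows Server 2012 R2 or later (Get-NetTCPConnection), run with local administrator rights.

```powershell
# Added example: audit the static RPC ports set by the rpcpm.adm template.
# The key paths and value names are the ones the template writes; the
# Min/Max bounds mirror the template's MIN/MAX for each PART.
$checks = @(
    @{ Name = 'NTDS';             Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters';               Value = 'TCP/IP Port';      Min = 1024; Max = 60000 },
    @{ Name = 'Exchange SA RFR';  Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters';       Value = 'TCP/IP Port';      Min = 1024; Max = 60000 },
    @{ Name = 'Exchange SA NSPI'; Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters';       Value = 'TCP/IP NSPI Port'; Min = 1024; Max = 60000 },
    @{ Name = 'Exchange IS';      Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem'; Value = 'TCP/IP Port';      Min = 1024; Max = 5000  }
)

foreach ($c in $checks) {
    # Read the DWORD; a missing value means RPC will still pick a dynamic port,
    # so the firewall rule from ISA cannot be pinned to a single port.
    $port = (Get-ItemProperty -Path $c.Key -Name $c.Value -ErrorAction SilentlyContinue).($c.Value)
    if ($null -eq $port) {
        Write-Output ("{0}: no static port configured (key or value absent)" -f $c.Name)
        continue
    }
    if ($port -lt $c.Min -or $port -gt $c.Max) {
        Write-Warning ("{0}: port {1} is outside the template range {2}-{3}" -f $c.Name, $port, $c.Min, $c.Max)
    }
    # Confirm the service actually bound the port (requires a restart after the policy applies).
    $listener = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
    if ($listener) {
        $proc = (Get-Process -Id $listener[0].OwningProcess -ErrorAction SilentlyContinue).ProcessName
        Write-Output ("{0}: static port {1} is listening (process: {2})" -f $c.Name, $port, $proc)
    } else {
        Write-Output ("{0}: port {1} is configured but nothing is listening; service not restarted or not installed?" -f $c.Name, $port)
    }
}
```

The ISA rule still has to allow 135/TCP to the DC in addition to the static port, because clients first ask the endpoint mapper where the NTDS interface lives.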
 



