Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Snort-users] What tool? Fastest way to generate port info to build

from [Bristol, Gary L.] Network Security [Permanent Link]
Subject: RE: [Snort-users] What tool? Fastest way to generate port info to build acl protection?
Date: Fri, 18 Nov 2005 18:58:41 -0600 
we have our exchange here limited to 3 ports for Clients to Server comm, 
 
the GAL is setup on two ports, and so on.
 
Of course there are some standard also, like 
 
port 25 and 691 for SMTP and Exchange LSA
port 53 for DNS
port 88 for 
port 135, 445, 1025
port 389 for ldap
port 3268 & 3269 for GAL
 
and so on
 
 
 

________________________________

From: snort-users-admin@lists.sourceforge.net on behalf of Jason Haar
Sent: Fri 11/18/2005 6:07 PM
To: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] What tool? Fastest way to generate port info to 
build acl protection?



Turnquist,Wayne wrote:

1st Goal: To map-document all systems and business traffic that needs to 
cross to/from our site.
2nd Goal: Create cisco acl to install on our router to permit for now all 
needed ports for goal number 1 and deny everything else
 

Your 2nd goal will be IMPOSSIBLE without more work than just mapping it.

Windows relies heavily on RPC - which involves *dynamically* allocating
port numbers.  So does Exchange, so does....

There aren't static ports that you could base firewall ACLs on

However, regedit is your friend. Read all appropriate Microsoft
whitepapers and you may be able to hardwire Active Directory and
Exchange and whatever else to use static ports, and then away you go.

However, I think you are trying pushing the proverbial up hill there... ;-)

For internal Windows networks its usually best to focus on defining
categories of machines (e.g. HR, finance) and ACL them off - leaving the
rest of the network open.

Just my opinion - based on a lot of experience (i.e I've tried to do it too)

--

Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.  Get Certified Today
Register for a JBoss Training Course.  Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] What tool? Fastest way to generate port info to build acl protection?, Jason Haar
Next by Date:  Re: [Snort-users] What tool? Fastest way to generate port info to build acl protection?, Richard Bejtlich
Previous by Thread:  RE: [Snort-users] What tool? Fastest way to generate port info to build acl protection?, Briggs, Bruce
Next by Thread:  Re: [Snort-users] What tool? Fastest way to generate port info to build acl protection?, Richard Bejtlich
Indexes:  [Date] [Thread] [Top] [All Lists]