[Dshield] Active Directory Firewall rules

Ed Truitt ed.truitt at etee2k.net
Mon Aug 29 22:16:01 GMT 2005


I don't know if you have to open all ports or not, but I am sure that more than 445 needs to be open - for instance, 389 (LDAP), Kerberos, Global Catalog, maybe others.

-EdT.
-----Original Message-----
From: warwick ackfin <warwick7th at gmail.com>
Date: Mon, 29 Aug 2005 13:00:43
To: list at lists.dshield.org
Subject: [Dshield] Active Directory Firewall rules

Greetings all -

    I'm being told by someone higher than I in the AD food chain here
at Ivory Towers Inc that I have to add a rule in my firewall that says
ROOT_DC ANY to MY_DC ANY.  Now, color me ignorant, but I thought AD
traffic used a FINITE group of ports (actually I'm being kind... I
thought it was only tcp445).  Why should I open everything to these
people?


-- 
Warwick AckFin

Don't tread on me
<><



Cheers,
-E D Truitt

Sent via my BlackBerry from Cingular Wireless
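
An added example, not part of the original thread: a Python check that compares a DC-to-DC rule set against the ports Active Directory needs, reporting both rules broader than necessary (such as ANY/ANY) and services left blocked (such as a 445-only rule). The port list goes beyond the ports named in the reply and follows Microsoft's documented AD port requirements; the rule text format and the dynamic RPC range are assumptions.

```python
# Added example: audit firewall rules between two domain controllers.
# Static ports follow Microsoft's documented AD requirements; the reply
# itself names only 445, 389, Kerberos and Global Catalog.
AD_SERVICES = {
    "DNS": [("tcp", 53), ("udp", 53)],
    "Kerberos": [("tcp", 88), ("udp", 88)],
    "NTP": [("udp", 123)],
    "RPC endpoint mapper": [("tcp", 135)],
    "LDAP": [("tcp", 389), ("udp", 389)],
    "SMB": [("tcp", 445)],
    "Kerberos password change": [("tcp", 464), ("udp", 464)],
    "LDAPS": [("tcp", 636)],
    "Global Catalog": [("tcp", 3268), ("tcp", 3269)],
}
# Assumption: dynamic RPC range. 49152-65535 is the Server 2008+ default;
# older DCs default to 1025-5000. Pass the range your DCs actually use.
RPC_DYNAMIC = ("tcp", 49152, 65535)

def parse_rule(line):
    """Parse 'SRC DST PROTO PORTS' (hypothetical format); PORTS is N, LO-HI or any."""
    src, dst, proto, ports = line.split()
    lo, _, hi = ("0-65535" if ports == "any" else ports).partition("-")
    return {"src": src, "dst": dst, "proto": proto.lower(),
            "lo": int(lo), "hi": int(hi or lo), "text": line}

def covers(rule, proto, lo, hi):
    return rule["proto"] in (proto, "any") and rule["lo"] <= lo and hi <= rule["hi"]

def audit(lines, src, dst, rpc=RPC_DYNAMIC):
    """Return (missing AD services, rules broader than AD needs) for src -> dst."""
    rules = [r for r in map(parse_rule, lines) if (r["src"], r["dst"]) == (src, dst)]
    needed = [(n, p, port, port) for n, eps in AD_SERVICES.items() for p, port in eps]
    needed.append(("RPC dynamic", *rpc))
    missing = [f"{n} {p}/{lo}" + (f"-{hi}" if hi != lo else "")
               for n, p, lo, hi in needed
               if not any(covers(r, p, lo, hi) for r in rules)]
    allowed = {(p, port) for _, p, lo, hi in needed for port in range(lo, hi + 1)}
    too_broad = [r["text"] for r in rules if r["proto"] == "any" or any(
        (r["proto"], port) not in allowed for port in range(r["lo"], r["hi"] + 1))]
    return missing, too_broad

if __name__ == "__main__":
    # Constructed rule sets: the ANY/ANY rule from the thread, then a 445-only rule.
    for ruleset in (["ROOT_DC MY_DC any any"], ["ROOT_DC MY_DC tcp 445"]):
        missing, too_broad = audit(ruleset, "ROOT_DC", "MY_DC")
        print(ruleset, "\n  missing:", missing, "\n  too broad:", too_broad)
```

Domain controllers talk to each other in both directions, so run the audit once per direction.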

