[Dshield] Active Directory Firewall rules

Scott Melnick smelnick at water.com
Mon Aug 29 22:23:01 GMT 2005


Well, at the least. If you are unsure, you need to watch the traffic for
a day or 2 and see what ports are being communicated. If you do an ANY
ANY rules then log the connections in a syslog so you can go back and
research all the ports being used.



Scott Melnick
Security Admin

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of warwick ackfin
Sent: Monday, August 29, 2005 1:01 PM
To: list at lists.dshield.org
Subject: [Dshield] Active Directory Firewall rules

Greetings all -

    I'm being told by someone higher than I in the AD food chain here
at Ivory Towers Inc that I have to add a rule in my firewall that says
ROOT_DC ANY to MY_DC ANY.  Now, color me ignorant, but I thought AD
traffic used a FINITE group of ports(actually I'm being kind...i
thought it was only tcp445).  Why should I open everything to these
people?


-- 
Warwick AckFin

Don't tread on me
<><


_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list