[Dshield] Active Directory Firewall rules

Josh Tolley josh at raintreeinc.com
Mon Aug 29 22:28:58 GMT 2005

> -----Original Message-----
> From: warwick ackfin <warwick7th at gmail.com>
> Date: Mon, 29 Aug 2005 13:00:43
> To: list at lists.dshield.org
> Subject: [Dshield] Active Directory Firewall rules
> Greetings all -
>     I'm being told by someone higher than I in the AD food chain here
> at Ivory Towers Inc that I have to add a rule in my firewall that says
> ROOT_DC ANY to MY_DC ANY.  Now, color me ignorant, but I thought AD
> traffic used a FINITE group of ports (actually I'm being kind...I
> thought it was only tcp445).  Why should I open everything to these
> people?

You certainly don't have to allow *everything* -- wish I could help on 
what you *do* have to allow. This sounds like the typical ISP tech 
support mantra, "Have you disabled any firewall systems you are 
running?" The thing is, the ports you can be sure you need to leave open 
(such as 445, for instance) are the ones you'd really like to block 
anyway. They're the ones you're most likely to get a worm from when 
someone brings their infected laptop into the office.

Josh Tolley
Raintree Systems, Inc.
Office Phone: (801) 293-3090
Corporate Office: (800) 333-1033
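As an added illustration of the point in the thread (this is example code, not something posted by either participant): the honest answer to "ROOT_DC ANY to MY_DC ANY" is an explicit allowlist of the ports one domain controller uses to talk to another, plus the RPC dynamic range that makes admins reach for ANY in the first place. The script below carries a well-known table of those services, audits a proposed rule set for how far it exceeds that table and for which services it would leave unreachable, and emits the minimal rule set to hand back. The rule syntax, the host names ROOT_DC/MY_DC, the dynamic range default and the sample rules are assumptions made for the example; confirm the dynamic range and any pinned RPC ports against the DCs in question before using the output.

```python
"""Audit a proposed DC-to-DC firewall rule against what AD actually needs.

Added example, not from the original thread. The service/port table is
the well-known set a domain controller uses to reach another DC (DNS,
Kerberos, NTP, RPC endpoint mapper, LDAP/LDAPS, SMB, Global Catalog) plus
the RPC dynamic range. The 'SRC DST proto/port' rule syntax, the host names
ROOT_DC/MY_DC and the sample rules are assumptions made up for the example.
"""
from __future__ import annotations
from dataclasses import dataclass

# RPC services such as AD replication and Netlogon bind to a port from the
# dynamic range, which is why "open everything" gets requested. Windows
# Server 2008 and later use 49152-65535; Windows 2000/2003 used 1024-5000.
# Set this to the DCs' real range, or pin the services to fixed ports on
# the DC and list only those. (Assumed default for the example.)
RPC_DYNAMIC_RANGE = (49152, 65535)

# (protocol, low port, high port, service)
AD_DC_SERVICES = [
    ("tcp", 53, 53, "DNS"),
    ("udp", 53, 53, "DNS"),
    ("tcp", 88, 88, "Kerberos"),
    ("udp", 88, 88, "Kerberos"),
    ("udp", 123, 123, "NTP (W32Time)"),
    ("tcp", 135, 135, "RPC endpoint mapper"),
    ("tcp", 389, 389, "LDAP"),
    ("udp", 389, 389, "CLDAP (DC locator pings)"),
    ("tcp", 445, 445, "SMB (SYSVOL/NETLOGON)"),
    ("tcp", 464, 464, "Kerberos password change"),
    ("udp", 464, 464, "Kerberos password change"),
    ("tcp", 636, 636, "LDAPS"),
    ("tcp", 3268, 3269, "Global Catalog (plain and SSL)"),
    ("tcp", *RPC_DYNAMIC_RANGE, "RPC dynamic range (replication, Netlogon)"),
]


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "any"
    low: int
    high: int       # 1-65535 means "any port"


def parse_rule(line: str) -> Rule:
    """Parse 'SRC DST proto/port' (port is N, N-M or any); '#' starts a comment.
    Examples: 'ROOT_DC MY_DC any/any', 'ROOT_DC MY_DC tcp/49152-65535'."""
    src, dst, spec = line.split("#", 1)[0].split()
    proto, ports = spec.lower().split("/")
    if proto not in ("tcp", "udp", "any"):
        raise ValueError(f"unknown protocol in rule: {line!r}")
    if ports == "any":
        low, high = 1, 65535
    elif "-" in ports:
        low, high = (int(p) for p in ports.split("-"))
    else:
        low = high = int(ports)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range in rule: {line!r}")
    return Rule(src, dst, proto, low, high)


def _allowed_ports(proto: str) -> set[int]:
    """Every port the AD table allows for one protocol."""
    return {p for pr, lo, hi, _ in AD_DC_SERVICES if pr == proto
            for p in range(lo, hi + 1)}


def audit(rules: list[Rule], src: str, dst: str) -> dict:
    """For the src->dst pair: 'excess' maps each over-broad rule to the number
    of (proto, port) pairs it opens beyond the AD table; 'uncovered' lists the
    AD services the rule set does not fully allow."""
    allowed = {"tcp": _allowed_ports("tcp"), "udp": _allowed_ports("udp")}
    relevant = [r for r in rules if r.src == src and r.dst == dst]
    excess: dict[Rule, int] = {}
    for r in relevant:
        protos = ("tcp", "udp") if r.proto == "any" else (r.proto,)
        extra = sum(1 for p in protos for port in range(r.low, r.high + 1)
                    if port not in allowed[p])
        if extra:
            excess[r] = extra
    uncovered = []
    for proto, lo, hi, name in AD_DC_SERVICES:
        if not any(r.proto in (proto, "any") and r.low <= lo and hi <= r.high
                   for r in relevant):
            span = f"{lo}" if lo == hi else f"{lo}-{hi}"
            uncovered.append(f"{proto}/{span} {name}")
    return {"excess": excess, "uncovered": uncovered}


def minimal_rules(src: str, dst: str) -> list[str]:
    """The explicit allowlist to offer instead of '<src> <dst> any/any'."""
    out = []
    for proto, lo, hi, name in AD_DC_SERVICES:
        span = f"{lo}" if lo == hi else f"{lo}-{hi}"
        out.append(f"{src} {dst} {proto}/{span}   # {name}")
    return out


if __name__ == "__main__":
    # Constructed sample: the rule being demanded, and a first attempt at a
    # narrower set that forgot DNS, UDP Kerberos and the RPC range.
    demanded = [parse_rule("ROOT_DC MY_DC any/any")]
    attempt = [parse_rule(line) for line in (
        "ROOT_DC MY_DC tcp/88", "ROOT_DC MY_DC tcp/135",
        "ROOT_DC MY_DC tcp/389", "ROOT_DC MY_DC tcp/445")]
    for label, rules in (("demanded", demanded), ("attempt", attempt)):
        report = audit(rules, "ROOT_DC", "MY_DC")
        print(label, "excess:", {f"{r.proto}/{r.low}-{r.high}": n
                                 for r, n in report["excess"].items()})
        print(label, "uncovered:", report["uncovered"])
    print("\n".join(minimal_rules("ROOT_DC", "MY_DC")))
```

Two things the output makes visible: the demanded any/any rule opens over a hundred thousand protocol/port combinations that no DC-to-DC traffic uses, while a hand-written list that looks reasonable still breaks replication if it omits the RPC dynamic range. Keep the rules pair-specific (this DC to that DC) rather than "any host to MY_DC"; that scoping is what keeps the 445 allow from doubling as a worm path for the infected laptop Josh mentions.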

