I'm pretty sure that if you unbind File and Print sharing and client for
Microsoft Networks from the network adapter, it will stop responding to
RPC requests. If you're only using the boxes for DNS, it shouldn't cause
any problems.

-----Original Message-----
From: VNV Jeep [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2003 10:05 AM
To: [EMAIL PROTECTED]
Subject: Securing a Win2k DNS server outside firewall...

Hi All...

I have 2 Windows 2000 DNS servers sitting on the outside of our firewall.
They're vanilla installs of Win2k server, both running as member servers,
locked down as much as possible, running a primary & secondary DNS
configuration.  When running a port scan against these servers, one of
the only things that tends to worry me is that they both answer to port
135 RPC.  I've tried to figure out a way to prevent that port from being
available, but all I could find as far as answers go is that I'd need to
run a firewall to block it.  I did try running a small firewall on the
servers, but ran into issues since DNS tends to use a myriad of dynamic
ports when answering queries... Does anyone have any good ideas on how to
lock down a Win2k server like this so that the only thing available as
far as services go is DNS, and the replication thereof?

Thanks in advance for your advice...

Take care,
Mike

Bermingham, Bob - [EMAIL PROTECTED]
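
As a way to confirm the effect of a change like the one suggested in this thread, the following added example (not part of the original messages) parses `netstat -an` output taken on the server and reports every non-loopback listener other than DNS on port 53. The sample output and the allowlist are constructed assumptions.

```python
# Assumption: the host should expose DNS only (queries and zone transfers).
ALLOWED = {("TCP", 53), ("UDP", 53)}

# Constructed `netstat -an` output, not captured from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1042        198.51.100.7:53        ESTABLISHED
  UDP    0.0.0.0:53             *:*
  UDP    192.0.2.10:137         *:*
  UDP    0.0.0.0:1029           *:*
"""


def listening_sockets(netstat_text):
    """Yield (proto, address, port) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local = fields[0], fields[1]
        # TCP rows have a state column; UDP rows have none and count as bound.
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue
        address, _, port = local.rpartition(":")
        if port.isdigit():
            yield proto, address, int(port)


def unexpected_listeners(netstat_text, allowed=ALLOWED):
    """Return sorted (proto, port) pairs reachable off-host and not allowed."""
    findings = set()
    for proto, address, port in listening_sockets(netstat_text):
        if address.startswith("127."):
            continue  # loopback-only sockets are not reachable from outside
        if (proto, port) not in allowed:
            findings.add((proto, port))
    return sorted(findings)


if __name__ == "__main__":
    for proto, port in unexpected_listeners(SAMPLE):
        print(f"unexpected listener: {proto}/{port}")
```

High-numbered UDP ports in the report may be the DNS service's own sockets (the dynamic ports mentioned in the question), so they need a manual look before being treated as a finding.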
