You'll want to disable NetBIOS over TCP as well. See this document for instructions:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/windows/secwin2k/a0604.asp

Drew

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, June 06, 2003 2:48 PM
Cc: [EMAIL PROTECTED]
Subject: Re: Securing a Win2k DNS server outside firewall...

If it's a Win2K box....

In the Network properties of the NIC, double click TCP/IP, then click advanced. Under the WINS tab, select the Disable NetBIOS over TCP/IP. That should do the trick.

"VNV Jeep" <[EMAIL PROTECTED]>
06/06/2003 12:05 PM
To [EMAIL PROTECTED]
cc
Subject Securing a Win2k DNS server outside firewall...

Hi All...

I have 2 Windows 2000 DNS servers sitting on the outside of our firewall. They're vanilla installs of Win2k server, both running as member servers, locked down as much as possible, running a primary & secondary DNS configuration.

When running a port scan against these servers, one of the only things that tends to worry me is that they both answer to port 135 RPC. I've tried to figure out a way to prevent that port from being available, but all I could find as far as answers go is that I'd need to run a firewall to block it. I did try running a small firewall on the servers, but ran into issues since DNS tends to use a myriad of dynamic ports when answering queries...

Does anyone have any good ideas on how to lock down a Win2k server like this so that the only thing available as far as services go is DNS, and the replication thereof?

Thanks in advance for your advice...

Take care,
Mike