Jump to content
Compatible Support Forums
Sign in to follow this  
Durt

Shutting down ports

Recommended Posts

I am running a game server and I want to shut down any unnecessary ports. I did a port sniff and this is what I got.

 

Port State Service

80/tcp open http

135/tcp open loc-srv

135/udp open loc-srv

161/udp open snmp

500/udp open isakmp

1025/tcp open listen

1026/tcp open nterm

1027/udp open unknown

3389/tcp open msrdp

27015/udp open unknown

 

The ports that need to be open are for the http server (80), traffic monitoring (161), TS (3389) and the game server (27015). I want to shut down the rest. What services do I need to shut off to do this and is that prudent.

 

thanks.

Share this post


Link to post

It would be easier and faster to use a Firewall. You can shut down ports, among other things. Try www.tinysoftware.com for a good rated firewall (for personal use it's freeware).

 

Or if you have a cable/dsl connection, get yourself a router. You can do more fancy stuff with it, like NATing, port redirection, DHCP,etc. All configurable via browser.

 

From looking at your last port, I would suggest you use a Punkbuster server too smile That would complicate your port range selection though...

Share this post


Link to post

Thanks for the recommendations. We tried PB, but got more complaints after implentation than before. Now that they have stopped up[censored] PB, it doesn't stop the new cheats.

 

A software firewall would be cool if it didn't add any latnecy to the clients and didn't eat up too much resources. We will look into that.

 

Meanwhile, I would still like to shut down any services that don't need to be open for our simple game server.

 

btw, the OS is w2k server.

 

Thanks again...

Share this post


Link to post

PB maybe cannot stop the new ones, but it can surely stop all of the old ones...kinda narrows it down. You can always try to bust the lama thru screenies.

 

Looks like IIS 5.0 is running as default, make sure you stop it or uninstall it.

Share this post


Link to post

We want a web server running. We are not using IIS (shut off)... we are using the W32 version of Apache.

Share this post


Link to post

If you select "permit only" (in TCP/IP properties for the NIC) and enter those ports to leave open, then you should be fine as far as blocking goes. I don't use this myself, as I either use a hardware firewall of find a NAT/Proxy package that will allow for port filtering/forwarding (which Win2K does have a nice one in "Routing and Remote Access" that comes with server). This method will also include a bit more work on your part as most software firewalls have simple interfaces to guide you through your tasks.

 

One more thing, is this system sitting on a LAN and receiving the connections to be limited from the Internet? If so, you could use 2 NICs and just lock down all the traffic on the external one. Just bear in mind this might have to take some adjustments, as I can't remember if this filter only blocks SYN/ACK packets or all traffic to the listed ports. If it indeed blocks ALL traffic, you might have some issues with DNS requests and FTP going out. If you install Routing and Remote Access, you can also install the NAT module and tweak it from there.

Share this post


Link to post

Thanks a bunch, that page looks like a good read is probably exactly what we need to implement. We've had some security breaches on this exposed, stand-alone server and we need to crack down.

 

Thanks again!

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×