I have just performed a fresh install of Windows 2000 Server on a spare HD I had lying about. I have done a quick netstat -a and I notice that there is a hell of a lot of open ports.
I will eventually use this for http access, but untill then, i'd like to lock it down as much as possible, especially as it is permenantly connected to the internet.
Is it best to close them down, or should I just hide them behind a firewall?
Here is a list of what I have open. Any advice?
Active Connections
Proto Local Address Foreign Address State
TCP godfather:ftp godfather:0 LISTENING
TCP godfather:smtp godfather:0 LISTENING
TCP godfather:http godfather:0 LISTENING
TCP godfather:epmap godfather:0 LISTENING
TCP godfather:https godfather:0 LISTENING
TCP godfather:microsoft-ds godfather:0 LISTENING
TCP godfather:1025 godfather:0 LISTENING
TCP godfather:1026 godfather:0 LISTENING
TCP godfather:1027 godfather:0 LISTENING
TCP godfather:1031 godfather:0 LISTENING
TCP godfather:3372 godfather:0 LISTENING
TCP godfather:9646 godfather:0 LISTENING
TCP godfather:netbios-ssn godfather:0 LISTENING
UDP godfather:epmap *:*
UDP godfather:microsoft-ds *:*
UDP godfather:1029 *:*
UDP godfather:1030 *:*
UDP godfather:3456 *:*
UDP godfather:1052 *:*
UDP godfather:netbios-ns *:*
UDP godfather:netbios-dgm *:*
UDP godfather:isakmp *:*
I will eventually use this for http access, but untill then, i'd like to lock it down as much as possible, especially as it is permenantly connected to the internet.
Is it best to close them down, or should I just hide them behind a firewall?
Here is a list of what I have open. Any advice?
Active Connections
Proto Local Address Foreign Address State
TCP godfather:ftp godfather:0 LISTENING
TCP godfather:smtp godfather:0 LISTENING
TCP godfather:http godfather:0 LISTENING
TCP godfather:epmap godfather:0 LISTENING
TCP godfather:https godfather:0 LISTENING
TCP godfather:microsoft-ds godfather:0 LISTENING
TCP godfather:1025 godfather:0 LISTENING
TCP godfather:1026 godfather:0 LISTENING
TCP godfather:1027 godfather:0 LISTENING
TCP godfather:1031 godfather:0 LISTENING
TCP godfather:3372 godfather:0 LISTENING
TCP godfather:9646 godfather:0 LISTENING
TCP godfather:netbios-ssn godfather:0 LISTENING
UDP godfather:epmap *:*
UDP godfather:microsoft-ds *:*
UDP godfather:1029 *:*
UDP godfather:1030 *:*
UDP godfather:3456 *:*
UDP godfather:1052 *:*
UDP godfather:netbios-ns *:*
UDP godfather:netbios-dgm *:*
UDP godfather:isakmp *:*