RE: FN-FORUM: Ports

date posted 22nd November 2003 02:00

> If however you are just running a firewall and you want some
> advice then there are a number of sites that may help you.
>
> First Rule: If you don't know what it is then ban it.
>
> Can you tell us more about why you need this info?
>

Hi Alex,

Not quite configuration of my firewall - but kind of..

I run and part-own a broadband ISP on the Isle of Wight and we are having a
few capacity issues which for all intense and purposes should not be an
issue, so we are starting to possibly think that the problem is due to
excess icmp and other type of noise on the internal network.

In Particular, we have written a little honeypot application (called
Poohbear & Tigger) which is sitting on the network monitoring ports and over
the course of about 4 days it has created a 4Mb HTML file with IP/Hostnames
of addresses that have scanned it - the majority are coming from port 135
(Microsoft DCE Locator service).

I needed to find out what uses this port (which seems to be DHCP Server /
DNS Server / WINS Server) so that I could see what the implications were if
I were to update config on our CMTS (Cable Modem Termination System) to
suppress all traffic on our internal network on that port.

Rgds,

Carl.