For a long time now I've been trying to get a handle on what is really required for MS hosts to talk to other MS hosts, but googled doco is scant.
The MS site does not seem to acknowledge the existence of UDP or TCP (surprised: Not me!)
Also in the predefined services of the ASA there is nothing for 135 (both TCP and UDP, I believe) ... this is pretty weird as it is the MS end point mapper and therefore very common.
Any info or links to definitive stuff would be useful.
BTW: I am, of course, not letting this MS chatter move over OUTSIDE interfaces .. we have many internal FWs and pvt links into customers where some of this dodgy MS stuff is required in order to support the customers.
Actually most organizations which are conscious about security don't even allow file sharing directly between hosts. A file-sharing server is set up for this (do a Google search for Microsoft DFS). Users are given access to this (with personal folders for each). This makes access control relatively easy. This also reduces the damage caused by worms and other malware.
I'm well aware of the dangers of the basic Microsoft ports; unfortunately there are a number of apps used by our organization that require some or all of the NetBIOS gunk - the HP-OVO suite and Radia most specifically.
I'm just finding it really difficult, even with the help of everyone's friend Google, to determine whether these ports are UDP or TCP. Microsoft documentation seems to not realize there is a difference; and HP doco does not seem to provide any information at all.
Also I'm still looking for an index of the predefined ports in the ASA OS. I can't understand why there would be several predefined NetBIOS ports but 135 (seemingly UDP & TCP) - the vital MS end-point mapper - is not defined. Nor the newer SMB TCP & UDP 445 port.
So my query is not only about these 'common' (but ill-defined) MS ports, but what is in the list and why are there glaring omissions?
Just had a look at DFS .. we already use it across our multiple sites but these are 'internal' and connected by pvt WAN.
Despite my last post and references to other apps using the annoying NetBIOS stuff, there is still a need for file sharing across FW boundaries - internal & various levels of DMZ (most of these not accessible to the 'outside' but rather cordoned off areas of server groups).
But even using DFS there is a need for ports opened on a FW - possibly both directions for DFS. Do you know what these are?
The Distributed File System (DFS) integrates disparate file shares that are located across a local area network (LAN) or wide area network (WAN) into a single logical namespace. The DFS service is required for Active Directory domain controllers to advertise the SYSVOL shared folder.
System service name: Dfs
Application protocol                 Protocol  Ports
NetBIOS Datagram Service             UDP       138
NetBIOS Session Service              TCP       139
LDAP Server                          TCP       389
LDAP Server                          UDP       389
SMB                                  TCP       445 ****
RPC                                  TCP       135 ****
Randomly allocated high TCP ports    TCP       random port number between 1024 - 65535*
* For more information about how to customize this port, see the "Remote Procedure Calls and DCOM" section in the "References" section.
See my attachment if you want a handy Excel spreadsheet of same (but without the useful tips your link provides).
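As an added example (not part of this thread, and not Microsoft's or Cisco's own code), here is a small Python script that parses a flattened port table like the DFS one above and reports which requirements a proposed firewall rule set does not cover. The names parse_port_table, find_gaps, PortReq and Rule are mine, and the rule set ASA_PREDEFINED_ONLY is a constructed stand-in for an ACL built only from the predefined NetBIOS/LDAP/SMB services mentioned in the thread.

```python
import re
from dataclasses import dataclass

# Matches one row of the flattened "Application protocol Protocol Ports" table:
# either a single port number or "random port number between LO - HI".
# Trailing asterisks (footnote / emphasis markers) are tolerated and dropped.
LINE_RE = re.compile(
    r"^(?P<name>.*\S)\s+(?P<proto>TCP|UDP)\s+"
    r"(?:(?P<port>\d+)|random port number between (?P<lo>\d+)\s*-\s*(?P<hi>\d+))"
    r"\s*\**\s*$"
)

# Constructed copy of the table posted above (rows only; header/footnote are skipped by the parser).
DFS_TABLE = """
Application protocol Protocol Ports
NetBIOS Datagram Service UDP 138
NetBIOS Session Service TCP 139
LDAP Server TCP 389
LDAP Server UDP 389
SMB TCP 445 ****
RPC TCP 135 ****
Randomly allocated high TCP ports TCP random port number between 1024 - 65535*
* For more information about how to customize this port, see the references.
"""


@dataclass(frozen=True)
class PortReq:
    """A required flow: protocol plus an inclusive port range (lo == hi for one port)."""
    name: str
    proto: str
    lo: int
    hi: int


@dataclass(frozen=True)
class Rule:
    """An allowed flow in the firewall rule set (protocol plus inclusive port range)."""
    proto: str
    lo: int
    hi: int


def parse_port_table(text):
    """Parse table rows into PortReq objects; header, footnotes and blanks are ignored."""
    reqs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if m.group("port"):
            lo = hi = int(m.group("port"))
        else:
            lo, hi = int(m.group("lo")), int(m.group("hi"))
        reqs.append(PortReq(m.group("name"), m.group("proto"), lo, hi))
    return reqs


def _merge(intervals):
    """Merge overlapping/adjacent (lo, hi) ranges so coverage can be checked per requirement."""
    merged = []
    for lo, hi in sorted(intervals):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def find_gaps(reqs, rules):
    """Return the requirements whose whole port range is not permitted for that protocol."""
    by_proto = {}
    for rule in rules:
        by_proto.setdefault(rule.proto, []).append((rule.lo, rule.hi))
    gaps = []
    for r in reqs:
        allowed = _merge(by_proto.get(r.proto, []))
        if not any(lo <= r.lo and r.hi <= hi for lo, hi in allowed):
            gaps.append(r)
    return gaps


# Constructed rule set: only what the predefined netbios/ldap/smb service names would give you.
ASA_PREDEFINED_ONLY = [
    Rule("UDP", 138, 138),
    Rule("TCP", 139, 139),
    Rule("TCP", 389, 389),
    Rule("UDP", 389, 389),
    Rule("TCP", 445, 445),
]

if __name__ == "__main__":
    requirements = parse_port_table(DFS_TABLE)
    for gap in find_gaps(requirements, ASA_PREDEFINED_ONLY):
        span = str(gap.lo) if gap.lo == gap.hi else f"{gap.lo}-{gap.hi}"
        print(f"NOT COVERED: {gap.name} ({gap.proto} {span})")
```

Run against the constructed rule set, the two gaps it reports are exactly the complaint in this thread: TCP 135 (no predefined object) and the dynamic RPC high-port range. The second gap is the one to think about before opening it: rather than permitting 1024-65535 through an internal FW, the footnote's "customize this port" option (restricting the RPC dynamic range on the Windows side) lets you permit a much narrower range.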
Still got all the MS gunk though; looks like we'll never escape it.
And still no reason why Cisco have not predefined TCP-135, the most used MS port (they have Sun's version). Oh well, chalk it down as an oversight.
Also no listing/index of ASA predefined ports that I can find. I'll just have to hold my mouse cursor over each item and wait for the pop-up. Or hope they call the port the same thing as everyone else.