I am running a game server and I want to shut down any unnecessary ports. I did a port sniff and this is what I got.
Port State Service
80/tcp open http
135/tcp open loc-srv
135/udp open loc-srv
161/udp open snmp
500/udp open isakmp
1025/tcp open listen
1026/tcp open nterm
1027/udp open unknown
3389/tcp open msrdp
27015/udp open unknown
The ports that need to be open are for the http server (80), traffic monitoring (161), TS (3389) and the game server (27015). I want to shut down the rest. What services do I need to shut off to do this, and is that prudent?
thanks.
Shutting down ports
#2
Posted 10 November 2001 - 04:27 PM
It would be easier and faster to use a Firewall. You can shut down ports, among other things. Try www.tinysoftware.com for a good rated firewall (for personal use it's freeware).
Or if you have a cable/dsl connection, get yourself a router. You can do more fancy stuff with it, like NATing, port redirection, DHCP, etc. All configurable via browser.
From looking at your last port, I would suggest you use a Punkbuster server too
That would complicate your port range selection though...
#3
Posted 10 November 2001 - 05:35 PM
Thanks for the recommendations. We tried PB, but got more complaints after implementation than before. Now that they have stopped updating PB, it doesn't stop the new cheats.
A software firewall would be cool if it didn't add any latency to the clients and didn't eat up too much resources. We will look into that.
Meanwhile, I would still like to shut down any services that don't need to be open for our simple game server.
btw, the OS is w2k server.
Thanks again...
#4
Posted 11 November 2001 - 02:05 AM
PB maybe cannot stop the new ones, but it can surely stop all of the old ones...kinda narrows it down. You can always try to bust the lama thru screenies.
Looks like IIS 5.0 is running as default, make sure you stop it or uninstall it.
#5
Posted 11 November 2001 - 04:07 AM
We want a web server running. We are not using IIS (shut off)... we are using the W32 version of Apache.
#6
Posted 11 November 2001 - 09:14 AM
If you select "permit only" (in TCP/IP properties for the NIC) and enter those ports to leave open, then you should be fine as far as blocking goes. I don't use this myself, as I either use a hardware firewall or find a NAT/Proxy package that will allow for port filtering/forwarding (which Win2K does have a nice one in "Routing and Remote Access" that comes with server). This method will also include a bit more work on your part as most software firewalls have simple interfaces to guide you through your tasks.
One more thing, is this system sitting on a LAN and receiving the connections to be limited from the Internet? If so, you could use 2 NICs and just lock down all the traffic on the external one. Just bear in mind this might have to take some adjustments, as I can't remember if this filter only blocks SYN/ACK packets or all traffic to the listed ports. If it indeed blocks ALL traffic, you might have some issues with DNS requests and FTP going out. If you install Routing and Remote Access, you can also install the NAT module and tweak it from there.
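As an added illustration of the "permit only" approach described in post #6 (not code from any poster in this thread), this Python sketch splits the scan listing from the first post into per-protocol permit lists and the ports left to close. Giving each required port the protocol it was seen on in the scan is an assumption; the function names are hypothetical.

```python
import re

# Scan listing copied from the first post of this thread.
SCAN = """\
Port State Service
80/tcp open http
135/tcp open loc-srv
135/udp open loc-srv
161/udp open snmp
500/udp open isakmp
1025/tcp open listen
1026/tcp open nterm
1027/udp open unknown
3389/tcp open msrdp
27015/udp open unknown
"""

# Port numbers the original poster says must stay reachable.
REQUIRED = {80, 161, 3389, 27015}

LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_scan(text):
    """Return (port, proto, state, service) tuples; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def plan(rows, required):
    """Build per-protocol permit lists, a to-close list, and unseen required ports."""
    permit = {"tcp": [], "udp": []}
    close, seen = [], set()
    for port, proto, state, service in rows:
        if state != "open":
            continue
        if port in required:
            # Assumption: permit the port only on the protocol the scan saw it on.
            permit[proto].append(port)
            seen.add(port)
        else:
            close.append((port, proto, service))
    # Required but not listening: the service may be down or bound elsewhere.
    missing = sorted(required - seen)
    return permit, close, missing

if __name__ == "__main__":
    permit, close, missing = plan(parse_scan(SCAN), REQUIRED)
    print("TCP permit only:", permit["tcp"])
    print("UDP permit only:", permit["udp"])
    for port, proto, service in close:
        print(f"not permitted: {port}/{proto} ({service})")
    print("required but not seen open:", missing)
```

Re-running the scan from outside after the filter is applied and feeding the new listing through the same script confirms that the to-close list is empty.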
#7
Posted 13 November 2001 - 01:18 AM
Thanks a bunch, that page looks like a good read and is probably exactly what we need to implement. We've had some security breaches on this exposed, stand-alone server and we need to crack down.
Thanks again!