Disabling TCP/IP Services on Windows 2000/NT Servers

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Dear all,

Does anybody know how to disable any of the following TCP/IP services on
Windows NT/2000:
ECHO, CHARGEN, RSTAT, TFTP, RWALL, RUSER, DISCARD, DAYTIME, BOOTPS, FINGER,
SPRAYD, PCNFSD

I guess I could block the according port for each one, but there must be some
other way to do it...

Thanks for any suggestions.
Daniel
 
Guest

Try this:

Go into Network and Dial-up Connections, Find your Local Area Connection,
and go into its properties. Go into Properties for TCP/IP. Go into
Advanced. Go into the options tab, click on TCP/IP filtering, go into
properties. You can thank MS for burying it 50 levels deep.

Now you have 2 strategies.
1. Block everything, permit only what you know you need.
2. Allow everything, block those specific services.

Option 1 is more secure.

Enjoy,

BogdanSUA

"Daniel Hernandez" wrote:

> Dear all,
>
> Does anybody know how to disable any of the following TCP/IP services on
> Windows NT/2000:
> ECHO, CHARGEN, RSTAT, TFTP, RWALL, RUSER, DISCARD, DAYTIME, BOOTPS, FINGER,
> SPRAYD, PCNFSD
>
> I guess I could block the according port for each one, but there must be some
> other way to do it...
>
> Thanks for any suggestions.
> Daniel
 
Guest

You could uninstall the applications that use those services. For instance,
using Add and Remove Programs - Windows Components you could uninstall
Simple TCP/IP Services or others under networking and/or other networking.
If it is not a Windows component you could use something like Fport or
TCPView from SysInternals to view port to process/executable mapping to
determine what to disable. For Windows 2000 you could also implement an
IPsec filtering policy that uses permit and block filter actions to act as a
packet filtering host firewall to ensure that unauthorized ports are blocked
for incoming or outgoing traffic, though it is not recommended to use IPsec
filtering as the only barrier to internet access. IPsec policy can be
implemented via Group Policy also. The link below may help. --- Steve

http://www.securityfocus.com/infocus/1559

"Daniel Hernandez" <Daniel Hernandez@discussions.microsoft.com> wrote in
message news:20232715-CBC1-4E67-9669-665AE207F4C1@microsoft.com...
> Dear all,
>
> Does anybody know how to disable any of the following TCP/IP services on
> Windows NT/2000:
> ECHO, CHARGEN, RSTAT, TFTP, RWALL, RUSER, DISCARD, DAYTIME, BOOTPS, FINGER,
> SPRAYD, PCNFSD
>
> I guess I could block the according port for each one, but there must be some
> other way to do it...
>
> Thanks for any suggestions.
> Daniel
 
Guest

Use a firewall

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

"Daniel Hernandez" <Daniel Hernandez@discussions.microsoft.com> wrote in
message news:20232715-CBC1-4E67-9669-665AE207F4C1@microsoft.com...
> Dear all,
>
> Does anybody know how to disable any of the following TCP/IP services on
> Windows NT/2000:
> ECHO, CHARGEN, RSTAT, TFTP, RWALL, RUSER, DISCARD, DAYTIME, BOOTPS, FINGER,
> SPRAYD, PCNFSD
>
> I guess I could block the according port for each one, but there must be some
> other way to do it...
>
> Thanks for any suggestions.
> Daniel
 
Guest

Most of what you've listed here is not typically running on a Windows system.

Echo, Chargen, Discard, and Daytime are all part of an optional component
called "Simple TCP/IP services." This component is not installed by default,
so if you haven't added it, then these services don't exist, so no disabling
is necessary. Finger, Rstat, Rwall, and Ruser are Unix utilities that are
not present in Windows. SprayD is the server side of a Unix UDP packet-blasting
program used for evaluating performance and is not present in Windows. PCNFSD
is the daemon for NFS, a Unix file-sharing protocol that is not part of Windows.
There are some Windows versions of NFS but it's unlikely you're using it;
if you were, you'd know it. BootPS is a BootP/DHCP server for Unix. It is
not the DHCP server in Windows. TFTP is from tftpd.exe, the TFTP server daemon,
which is present only on Server operating systems. Typically TFTP isn't running
unless you've installed RIS, so again, you probably have nothing to disable.

This list is oddly specific. Why are you asking about them? I'm curious --
is this the output of some vulnerability scanner you ran?

Steve Riley
steriley@microsoft.com



> Dear all,
>
> Does anybody know how to disable any of the following TCP/IP services on
> Windows NT/2000:
> ECHO, CHARGEN, RSTAT, TFTP, RWALL, RUSER, DISCARD, DAYTIME, BOOTPS, FINGER,
> SPRAYD, PCNFSD
> I guess I could block the according port for each one, but there must be some
> other way to do it...
>
> Thanks for any suggestions.
> Daniel
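
To confirm which of the listed services are actually listening before uninstalling or filtering anything, the `netstat -an` output can be checked against their well-known ports. This is an added example, not part of the original thread: the netstat sample is constructed, and the function names and remedy strings are assumptions made for illustration.

```python
import re

# IANA well-known ports for the services in the question that have a fixed port.
FIXED = {(p, n): s
         for n, s in {7: "ECHO", 9: "DISCARD", 13: "DAYTIME", 19: "CHARGEN"}.items()
         for p in ("tcp", "udp")}
FIXED.update({("udp", 67): "BOOTPS", ("udp", 69): "TFTP", ("tcp", 79): "FINGER"})
# RSTAT, RWALL, RUSER, SPRAYD and PCNFSD are ONC RPC programs with no fixed
# port; a host offering them runs a portmapper on port 111.
PORTMAPPER = 111
SIMPLE_TCPIP = {"ECHO", "DISCARD", "DAYTIME", "CHARGEN"}

LINE = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+(?:\s+(\S+))?\s*$", re.I)

def listeners(netstat_text):
    """Return {(proto, port)} for TCP LISTENING sockets and bound UDP ports."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, column header, blank line
        proto, port, state = m.group(1).lower(), int(m.group(2)), m.group(3)
        if proto == "udp" or (state or "").upper() == "LISTENING":
            found.add((proto, port))
    return found

def audit(netstat_text):
    """List (proto, port, service, remedy) for open ports matching the question's list."""
    report = []
    for proto, port in sorted(listeners(netstat_text)):
        if port == PORTMAPPER:
            report.append((proto, port, "RPC portmapper",
                           "look for RSTAT/RWALL/RUSER/SPRAYD/PCNFSD; map port to process"))
        elif (proto, port) in FIXED:
            name = FIXED[(proto, port)]
            remedy = ("uninstall Simple TCP/IP Services" if name in SIMPLE_TCPIP
                      else "map port to process (Fport/TCPView), then remove or filter")
            report.append((proto, port, name, remedy))
    return report

# Constructed sample of `netstat -an` output, not taken from a real host.
SAMPLE = """Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:7              0.0.0.0:0              LISTENING
  TCP    0.0.0.0:19             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1025          10.0.0.9:445           ESTABLISHED
  UDP    0.0.0.0:7              *:*
  UDP    0.0.0.0:69             *:*
"""
```

An empty report means none of the fixed-port services in the list is listening, which matches the default install described above.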
 
Guest

You can uninstall the "Simple TCP/IP Services" in the Add/Remove Programs of
Control Panel, and you can use IPsec to block what you want.


"Daniel Hernandez" wrote:

> Dear all,
>
> Does anybody know how to disable any of the following TCP/IP services on
> Windows NT/2000:
> ECHO, CHARGEN, RSTAT, TFTP, RWALL, RUSER, DISCARD, DAYTIME, BOOTPS, FINGER,
> SPRAYD, PCNFSD
>
> I guess I could block the according port for each one, but there must be some
> other way to do it...
>
> Thanks for any suggestions.
> Daniel