How to block SMB/LDAP/KDC/KPASSWD/NTP ports via firewall
Posted on 2011-01-28 16:51 Eric Yih
Note: only the relevant ports are listed below
ldap: 389/tcp
ldap: 389/udp
smb: 445/tcp
kdc: 88/tcp
kpasswd: 464/tcp
ntp: 123/udp
1. Block the ports on win2k3 via firewall
1) Open the firewall under “Control Panel” -> “Windows Firewall”
2) Select “On” in the “General” tab
3) Open the “Exceptions” tab
A: If there is no entry for port 389/88/464/123, add it to “Exceptions” but leave it unchecked
How: click “Add Port”, enter a “Name” and a “Port number”, and select “TCP” or “UDP”
For example, to block the kdc port, enter “kdc” as “Name” and 88 as “Port number”, and select “TCP”
Otherwise (the entries already exist), just leave them unchecked
B: To block the SMB port, use the “File and Printer Sharing” entry, which exists by default
Select “File and Printer Sharing” -> “Edit…” -> select “TCP 445” -> “Change scope…” -> check “Any computer (including those on the Internet)” -> “OK”
Note: leave “File and Printer Sharing” unchecked as well
2. Block the ports on win2k8 via firewall
1) Open the firewall under “Control Panel” -> “Windows Firewall” and change the firewall status from off to on
2) Open “Windows Firewall with Advanced Security” under “Administrative Tools”
Select “Inbound Rules”; the “Local Port” field in the right pane shows the port each service uses
To block a port, select each service on that port that satisfies both of the following conditions:
“Profile” is Any or Domain; “Enabled” is Yes
Then right-click the service, select “Properties”, and check “Block the connection” in the “Action” section of the “General” tab
Different machines may have a different number of services for one port
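The win2k8 steps above can also be scripted. This is an added example, not part of the original post: instead of editing each existing rule, it adds explicit inbound block rules with netsh advfirewall for the ports listed at the top of the page, which works because a block rule takes precedence over an allow rule for the same port. The “Block-” rule-name prefix is an arbitrary choice for this example, and the script assumes an elevated PowerShell prompt.

```powershell
# Added example: port list copied from the top of this page.
$ports = @(
    @{ Name = 'ldap';    Protocol = 'TCP'; Port = 389 },
    @{ Name = 'ldap';    Protocol = 'UDP'; Port = 389 },
    @{ Name = 'smb';     Protocol = 'TCP'; Port = 445 },
    @{ Name = 'kdc';     Protocol = 'TCP'; Port = 88  },
    @{ Name = 'kpasswd'; Protocol = 'TCP'; Port = 464 },
    @{ Name = 'ntp';     Protocol = 'UDP'; Port = 123 }
)

# Step 1 of the GUI procedure: turn the firewall on for every profile.
netsh advfirewall set allprofiles state on

foreach ($p in $ports) {
    # Rule name is hypothetical; the "Block-" prefix only makes the rules easy to find.
    $ruleName = 'Block-{0}-{1}-{2}' -f $p.Name, $p.Protocol, $p.Port

    # Remove any earlier copy so the script can be re-run without creating duplicates.
    netsh advfirewall firewall delete rule "name=$ruleName" | Out-Null

    # Inbound block rule for this port on all profiles (domain, private, public).
    netsh advfirewall firewall add rule "name=$ruleName" dir=in action=block `
        "protocol=$($p.Protocol)" "localport=$($p.Port)" profile=any

    if ($LASTEXITCODE -ne 0) {
        Write-Error "Failed to add rule $ruleName"
    }
}

# Check: list the inbound rules and show only the ones created above.
netsh advfirewall firewall show rule name=all dir=in | Select-String 'Block-'
```

To undo the change, delete each rule by name with `netsh advfirewall firewall delete rule`.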