Shutting down ports
I am running a game server and I want to shut down any unnecessary ports. I did a port sniff and this is what I got.
Port State Service
80/tcp open http
135/tcp open loc-srv
135/udp open loc-srv
161/udp open snmp
500/udp open isakmp
1025/tcp open listen
1026/tcp open nterm
1027/udp open unknown
3389/tcp open msrdp
27015/udp open unknown
The ports that need to be open are for the http server (80), traffic monitoring (161), TS (3389) and the game server (27015). I want to shut down the rest. What services do I need to shut off to do this, and is that prudent?
Thanks.
Responses to this topic
It would be easier and faster to use a Firewall. You can shut down ports, among other things. Try www.tinysoftware.com for a good rated firewall (for personal use it's freeware).
Or if you have a cable/dsl connection, get yourself a router. You can do more fancy stuff with it, like NATing, port redirection, DHCP, etc. All configurable via browser.
From looking at your last port, I would suggest you use a Punkbuster server too. That would complicate your port range selection though...
Thanks for the recommendations. We tried PB, but got more complaints after implementation than before. Now that they have stopped updating PB, it doesn't stop the new cheats.
A software firewall would be cool if it didn't add any latency to the clients and didn't eat up too much resources. We will look into that.
Meanwhile, I would still like to shut down any services that don't need to be open for our simple game server.
btw, the OS is w2k server.
Thanks again...
If you select "permit only" (in TCP/IP properties for the NIC) and enter those ports to leave open, then you should be fine as far as blocking goes. I don't use this myself, as I either use a hardware firewall or find a NAT/Proxy package that will allow for port filtering/forwarding (which Win2K does have a nice one in "Routing and Remote Access" that comes with server). This method will also include a bit more work on your part as most software firewalls have simple interfaces to guide you through your tasks.
One more thing, is this system sitting on a LAN and receiving the connections to be limited from the Internet? If so, you could use 2 NICs and just lock down all the traffic on the external one. Just bear in mind this might have to take some adjustments, as I can't remember if this filter only blocks SYN/ACK packets or all traffic to the listed ports. If it indeed blocks ALL traffic, you might have some issues with DNS requests and FTP going out. If you install Routing and Remote Access, you can also install the NAT module and tweak it from there.
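Added example (not part of any post in this thread): a small Python audit that takes the scan output from the question, compares it with the four ports the poster wants reachable, and returns the listeners that fall outside that set plus the per-protocol lists a "permit only" filter would need. The function names are hypothetical, and the protocol assigned to each required port is an assumption read off the matching scan line.

```python
import re

# Scan output exactly as posted in the question.
SCAN = """\
Port State Service
80/tcp open http
135/tcp open loc-srv
135/udp open loc-srv
161/udp open snmp
500/udp open isakmp
1025/tcp open listen
1026/tcp open nterm
1027/udp open unknown
3389/tcp open msrdp
27015/udp open unknown
"""

# Ports the poster wants reachable; protocols assumed from the scan lines.
REQUIRED = {(80, "tcp"), (161, "udp"), (3389, "tcp"), (27015, "udp")}

LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_scan(text):
    """Return {(port, proto): service} for each line whose state starts with 'open'."""
    found = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        # Header lines do not match; 'open|filtered' is treated as open.
        if m and m.group(3).startswith("open"):
            found[(int(m.group(1)), m.group(2))] = m.group(4)
    return found

def audit(text, required):
    """Return (unexpected listeners, required ports not seen, permit-only lists)."""
    open_ports = parse_scan(text)
    unexpected = sorted(k for k in open_ports if k not in required)
    missing = sorted(required - set(open_ports))
    permit = {p: sorted(n for n, pr in required if pr == p) for p in ("tcp", "udp")}
    return unexpected, missing, permit

if __name__ == "__main__":
    unexpected, missing, permit = audit(SCAN, REQUIRED)
    services = parse_scan(SCAN)
    for port, proto in unexpected:
        print(f"not required: {port}/{proto} ({services[(port, proto)]})")
    print("required but not seen open:", missing)
    print("permit-only TCP:", permit["tcp"], "UDP:", permit["udp"])
```

Re-running the scan from outside after a filter change and feeding the new output through the same check shows whether anything beyond the required set is still answering.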