[NCSA-discuss] a shameful problem

Jason Tower jason at cerient.net
Thu Jun 22 23:50:22 EDT 2006


ok, i'm ashamed and embarrassed to admit it, but i have one windows server 
that i have to administer.  it's a citrix server running under vmware, and 
here's the catch: i need to run it with a public ip address - no external 
firewall, no nat.

now, on a real server (read: *nix) i simply turn off all services that i 
don't want, verify with 'netstat -an' that only the ports i want listening 
are actually open, and away i go.  on this godforsaken windows box running 
'netstat -an' yields the following (note that it is currently behind a nat 
device, hence the 10.1.1.11 ip):

Active Connections

   Proto  Local Address          Foreign Address        State
   TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
   TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
   TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
   TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
   TCP    0.0.0.0:1036           0.0.0.0:0              LISTENING
   TCP    0.0.0.0:1039           0.0.0.0:0              LISTENING
   TCP    0.0.0.0:1043           0.0.0.0:0              LISTENING
   TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
   TCP    0.0.0.0:1494           0.0.0.0:0              LISTENING
   TCP    0.0.0.0:2512           0.0.0.0:0              LISTENING
   TCP    0.0.0.0:2513           0.0.0.0:0              LISTENING
   TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
   TCP    0.0.0.0:27000          0.0.0.0:0              LISTENING
   TCP    10.1.1.11:139          0.0.0.0:0              LISTENING
   TCP    127.0.0.1:1434         0.0.0.0:0              LISTENING
   TCP    127.0.0.1:8009         0.0.0.0:0              LISTENING
   UDP    0.0.0.0:445            *:*
   UDP    0.0.0.0:500            *:*
   UDP    0.0.0.0:1037           *:*
   UDP    0.0.0.0:1041           *:*
   UDP    0.0.0.0:1276           *:*
   UDP    0.0.0.0:1434           *:*
   UDP    0.0.0.0:1604           *:*
   UDP    0.0.0.0:3701           *:*
   UDP    0.0.0.0:3771           *:*
   UDP    0.0.0.0:3820           *:*
   UDP    0.0.0.0:4057           *:*
   UDP    0.0.0.0:4094           *:*
   UDP    0.0.0.0:4309           *:*
   UDP    0.0.0.0:4500           *:*
   UDP    0.0.0.0:4561           *:*
   UDP    0.0.0.0:4615           *:*
   UDP    10.1.1.11:123          *:*
   UDP    10.1.1.11:137          *:*
   UDP    10.1.1.11:138          *:*
   UDP    127.0.0.1:123          *:*
   UDP    127.0.0.1:3768         *:*
   UDP    127.0.0.1:3817         *:*
   UDP    127.0.0.1:4054         *:*
   UDP    127.0.0.1:4091         *:*
   UDP    127.0.0.1:4186         *:*
   UDP    127.0.0.1:4306         *:*
   UDP    127.0.0.1:4487         *:*
   UDP    127.0.0.1:4558         *:*
   UDP    127.0.0.1:4612         *:*
   UDP    127.0.0.1:4651         *:*

holy smegging crap, this is what redmond considers "secure"?  the only 
external ports i want open are tcp 80/443 for the citrix web interface, and 
tcp 1494 for citrix itself.  presumably i can ignore the ports bound to 
127.0.0.1 but i don't have a clue about all the others, or how to disable 
them.  if anyone can help me prepare this box for public ip duty, lunch 
(including beer) is on me.

jason
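A defender-side check for the question above, added here as an example and not part of the original post: it parses Windows `netstat -an` output (a constructed subset of the listing above, embedded inline), ignores loopback-bound sockets as the poster proposes, and reports every remaining listener that is not on his allowlist of TCP 80/443/1494. The allowlist and sample are assumptions built from the post, not a Windows-supplied API.

```python
import re

# Constructed sample modelled on the poster's netstat -an output (a subset of the lines).
SAMPLE_NETSTAT = """\
Active Connections

   Proto  Local Address          Foreign Address        State
   TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
   TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
   TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
   TCP    0.0.0.0:1494           0.0.0.0:0              LISTENING
   TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
   TCP    10.1.1.11:139          0.0.0.0:0              LISTENING
   TCP    127.0.0.1:1434         0.0.0.0:0              LISTENING
   TCP    10.1.1.11:3389         10.1.1.50:51002        ESTABLISHED
   UDP    0.0.0.0:445            *:*
   UDP    0.0.0.0:1434           *:*
   UDP    10.1.1.11:137          *:*
   UDP    127.0.0.1:123          *:*
"""

# Ports the poster wants reachable from the public address (assumed from the post).
ALLOWED = {("TCP", 80), ("TCP", 443), ("TCP", 1494)}

# proto, local ip, local port, foreign address, optional state (UDP lines carry no state).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_listeners(text):
    """Return (proto, ip, port) for each socket that accepts packets from the network.
    TCP counts only in LISTENING state; a UDP socket is always receivable."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank line, or anything that is not a socket row
        proto, ip, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue
        listeners.append((proto, ip, int(port)))
    return listeners

def is_external(ip):
    """Loopback-bound sockets are unreachable from the wire; 0.0.0.0 (all interfaces)
    or a NIC address such as 10.1.1.11 is exposed."""
    return not ip.startswith("127.")

def audit(text, allowed=ALLOWED):
    """Split exposed listeners into the allowed set and the ones to disable or firewall."""
    allowed_hits, unexpected = [], []
    for proto, ip, port in parse_listeners(text):
        if not is_external(ip):
            continue
        (allowed_hits if (proto, port) in allowed else unexpected).append((proto, ip, port))
    return allowed_hits, unexpected
```

Feed it the real listing and `unexpected` is the to-do list: each entry is a service to stop or a port to block on the host before the box goes on a public address.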