port blocking

[Mike Monocchi]

Is there any way to prevent a Windows 2000 server from
allowing certain ports to be opened by applications? For
instance, if I did not want port 80 to be open, I can
disable the WWW service but is there another way to lock
down ports besides disabling the applications or services
that use them? I have an application that needs ports 9010
and 9020 but it won't work because the ports are not
available. Here I have an app trying to open a port but
something is block it. Something local on the server, not
a firewall. I checked everywhere on the system I could
think of. Could it be a Registry or security policy
setting?


..

 

[Curtis Koenig [MSFT]]

Hi Mike,
While you can't "block" ports per se you can limit their use. You can set
TCP/IP filters on a given connection via the advanced settings in not allow
traffic on the ports for specific TCP, UDP or IP protocol level. This will
not reserve the port for an application it will just allow it to be used or
not. It is possible that another application is using the port that the
application wants. You can see if a port is in use at the command line by
using the "netstat -an |findstr <port number>" command. The -an shows all
ports that are connected and listening in numerical form. By using |findstr
this searches for the string you put after it, so if you use "netstat -an
|findstr :9010" it will only list the entries that netstat puts out that
mach having :9010 or port 9010 as an entry.
--
Curtis Koenig
Support Professional
Microsoft Clustering Technologies Support

Microsoft Certified Systems Engineer
Microsoft Certified Systems Engineer - Security

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!
--------------------