From: Bill Stout[SMTP:bill .
> Sent: Tuesday, September 03, 1996 11:42 AM
> To: Firewalls @
> Subject: Re: NT port activity list
<stuff deleted>
Like you, Bill, I'm intrigued by this subject and would like
to know more, and I've been chatting with Russ offline.
> I haven't completed a Satan scan against an NT system yet, but this
> is what I got so far. Also much of the system-level communication
> is still a mystery; logon process, etc (RPC?).
<more stuff deleted>
My approach, if I had time, would be to set up an NT server on a small LAN
with one host sniffing the NT traffic and another flailing the NT server with
Satan. NT boxes seem to love to advertise their services. It should be an
easy exercise to generate a fair list of all the things NT responds to, and just
how it responds would be quite educational.... One could use tcpdump or
similar, capture the NT traffic to a file and analyze it with Unix tools.
Perhaps someone would like to do this and let us all know the outcome? It's
important to know all the potentially dangerous services which should be
blocked or carefully handled by a firewall. I bet there are some builtins
no one knows about yet, like license crawlers. Oh, imagination and the
fascination of the unknown! Any far-siders talking out there? Anyone in the
know from M$ itself reading this and feeling public spirited? Hot topic...
BTW you can learn quite a lot from your own firewall logs if you turn on
logging for every denied service and connection......
John L Hardcastle, Director, HARDCASTLE ELECTRONICS LIMITED
P O Box 74028 Market Rd, Auckland 5
Level 7, Eden House, 44 Khyber Pass Rd, Grafton, Auckland, NEW ZEALAND
Tel +64.9.366.1502 Fax +64.9.366.1554
Internet: john @
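
The capture-and-analyze step suggested in the message above, as an added example that is not part of the original post: it reads `tcpdump -n` text output and lists the ports a server answered on, which is the inventory needed to decide what the firewall should block. The function names, addresses and sample packets are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize which ports a server answered on, from
# `tcpdump -n` text output saved to a file or piped in.

# nt_ports_seen SERVER_IP   (reads tcpdump -n text lines on stdin)
# Prints "proto port count", sorted, for:
#   tcp: SYN-ACKs sent by the server (a listener accepted the connection)
#   udp: datagrams sent by the server (replies and unsolicited broadcasts)
# RSTs (closed ports) and traffic from other hosts are ignored.
nt_ports_seen() {
    awk -v srv="$1" '
    $2 == "IP" {
        n = split($3, a, "[.]")
        if (n != 5) next                      # expect a.b.c.d.port
        ip = a[1] "." a[2] "." a[3] "." a[4]
        if (ip != srv) next                   # only packets from the server
        if ($6 == "Flags" && $7 == "[S.],")   seen["tcp " a[5]]++
        else if ($6 == "UDP,")                seen["udp " a[5]]++
    }
    END { for (k in seen) print k, seen[k] }' | sort -k1,1 -k2,2n
}

# Constructed capture in tcpdump's generic -n layout. 192.0.2.10 is the
# server under test, 192.0.2.20 the scanning host. Lines that tcpdump
# decodes into a protocol-specific layout do not match and are skipped.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.20.1025 > 192.0.2.10.139: Flags [S], seq 100, win 8192, length 0
12:00:01.000200 IP 192.0.2.10.139 > 192.0.2.20.1025: Flags [S.], seq 500, ack 101, win 8760, length 0
12:00:02.000001 IP 192.0.2.20.1026 > 192.0.2.10.135: Flags [S], seq 110, win 8192, length 0
12:00:02.000200 IP 192.0.2.10.135 > 192.0.2.20.1026: Flags [S.], seq 510, ack 111, win 8760, length 0
12:00:03.000001 IP 192.0.2.20.1027 > 192.0.2.10.23: Flags [S], seq 120, win 8192, length 0
12:00:03.000200 IP 192.0.2.10.23 > 192.0.2.20.1027: Flags [R.], seq 0, ack 121, win 0, length 0
12:00:04.000001 IP 192.0.2.10.138 > 192.0.2.255.138: UDP, length 201
12:00:05.000001 IP 192.0.2.10.138 > 192.0.2.255.138: UDP, length 201
12:00:06.000001 IP 192.0.2.20.1028 > 192.0.2.10.139: Flags [S], seq 130, win 8192, length 0
12:00:06.000200 IP 192.0.2.10.139 > 192.0.2.20.1028: Flags [S.], seq 520, ack 131, win 8760, length 0
EOF
}

sample_capture | nt_ports_seen 192.0.2.10
```

Comparing this list against the firewall's deny log shows which of the server's services are actually being probed from outside.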