winXP filtering TCP/IP


xTiNcTion
October 26th, 2003, 09:56 PM
hi !!
installed: ZApro, spywareguard, spywareblaster, Spybot_SD, NSystemWork2003, MRUblaster.

just tried to filter TCP/IP allowing ONLY the following ports:

TCP
20,
21, FTP
22, SSH Remote login
23, telnet
25, smtp
53, dns
67, DHCP/BootP
68, DHCP/Bootp prot server
80, HTTP
88, Kerberos
90, Wins
110, POP3
137, Netbios Name Service
138, NetBIOS Datagram Service
139, NetBIOS Session Service
161, SNMP
162, SNMPTRAP
443, SSL
8080, SHTTP

IP Port
6, TCP
17, UDP

Then I lost connectivity. It seems like DNS doesn't work!! 'cause typing the IP address directly works.

What's wrong? Do you think this is good practice, I mean a secure one?

CrazyM
October 28th, 2003, 12:03 AM
Hi xTiNcTion

Using the TCP/IP filtering capabilities within the OS is probably not the best way to go. As you have found with UDP traffic such as DNS queries, the filtering as you had it set up only allows for port 53. This is fine for a server, but for a client making the DNS query it does not allow for the ephemeral port (1024-5000) used by the system.

If you are interested in this type of OS filtering of your network traffic, a custom IPSec policy is probably the better way to go and more flexible.

A couple of links to get you started:

IPSec and you... (http://www.analogx.com/contents/articles/ipsec.htm)

Windows 2000 Firewalling (http://homepages.wmich.edu/~mchugha/w2kfirewall.htm)

Regards,

CrazyM
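As an added illustration of the point in the reply above (this is example code written for this page, not something from the thread or from Windows), the model below treats the XP "TCP/IP Filtering" feature as a rule that only checks the local (destination) port of inbound packets. A client DNS lookup sends its query from an ephemeral port and expects the answer back on that same port, so a filter that lists only 53 drops the answer. The `ClientAwareFilter` class is a hypothetical policy that remembers the host's own outbound queries; it stands in for the more flexible IPSec-style approach the reply recommends. All port numbers and packets are constructed for the demonstration.

```python
# Added example (not from the thread): a model of how a port filter keyed on
# the *local* port handles a client's DNS query versus a filter that tracks the
# client's own outbound flows. Port numbers and packets are constructed.
from dataclasses import dataclass

# Ephemeral range the reply quotes for an XP-era client (1024-5000).
EPHEMERAL_PORTS = range(1024, 5001)

# Ports from the original poster's allow-list (TCP) plus UDP 53 for DNS.
ALLOWED_TCP = {20, 21, 22, 23, 25, 53, 67, 68, 80, 88, 90, 110,
               137, 138, 139, 161, 162, 443, 8080}
ALLOWED_UDP = {53}


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    direction: str    # "in" or "out" relative to the filtered host
    local_port: int   # port on the filtered host
    remote_port: int  # port on the peer


def xp_style_permits(pkt: Packet) -> bool:
    """Model of XP 'TCP/IP Filtering': inbound packets are permitted only when
    the local port is on the allow-list; outbound traffic is not filtered."""
    if pkt.direction == "out":
        return True
    allowed = ALLOWED_TCP if pkt.proto == "tcp" else ALLOWED_UDP
    return pkt.local_port in allowed


class ClientAwareFilter:
    """Hypothetical policy: same allow-list, but it remembers outbound flows
    from ephemeral ports so the reply to a query this host sent is let back in.
    An unsolicited packet to an ephemeral port is still dropped."""

    def __init__(self) -> None:
        self._outstanding: set[tuple[str, int, int]] = set()

    def permits(self, pkt: Packet) -> bool:
        key = (pkt.proto, pkt.local_port, pkt.remote_port)
        if pkt.direction == "out":
            if pkt.local_port in EPHEMERAL_PORTS:
                self._outstanding.add(key)
            return True
        if key in self._outstanding:
            self._outstanding.discard(key)  # one answer per recorded query
            return True
        return xp_style_permits(pkt)


def dns_lookup_exchange(client_port: int) -> list[Packet]:
    """Constructed two-packet exchange: query out from an ephemeral port to a
    resolver's UDP 53, answer back to that same ephemeral port."""
    return [
        Packet("udp", "out", client_port, 53),
        Packet("udp", "in", client_port, 53),
    ]


def lookup_succeeds(filter_fn, client_port: int = 1025) -> bool:
    """True only if both the query and its answer pass the given filter."""
    return all(filter_fn(p) for p in dns_lookup_exchange(client_port))


if __name__ == "__main__":
    # Client lookup: the answer to local port 1025 is dropped by the XP-style rule.
    print("XP filter, client DNS lookup:", lookup_succeeds(xp_style_permits))          # False
    print("client-aware, client DNS lookup:", lookup_succeeds(ClientAwareFilter().permits))  # True
    # A query arriving *at* this host on 53 (server role) passes either filter.
    print("XP filter, inbound query to 53:", xp_style_permits(Packet("udp", "in", 53, 40000)))  # True
```

The three printed lines show the asymmetry the reply describes: the same allow-list is fine for a host answering DNS on port 53, but breaks the host's own lookups, because the answer arrives at a port the list never names. Widening the list to the whole 1024-5000 range would also restore lookups, at the cost of exposing every ephemeral port to unsolicited inbound traffic, which is why a policy that can express "reply to my own outbound query" is the better fit.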

xTiNcTion
October 28th, 2003, 09:15 AM
Tkz CrazyM

I read about it in an old NAVY's "Securing NT" guide. I totally forgot those ports!!

tkz again my friend :)