
Filtering TCP/IP Packets

Note: TCP/IP Filtering can filter only inbound traffic. This feature does not affect outbound traffic. Use IPSec policies, packet filtering, or a firewall if you require more control over outbound access. You can do this for a selected NIC.

Practically everyone knows that the TCP/IP protocol tends to be a little complicated. Part of this complexity is due to the fact that it's made up of many subcomponents, which consist of ports and protocols. Many of these ports and protocols are necessary for accomplishing day-to-day tasks. Other ports and protocols are seldom, if ever, used. These obscure protocols can endanger your network's security, because a hacker can exploit them to gain access to your network. To prevent a hacker from having such an opportunity, most administrators implement a firewall that's designed to block unused ports and protocols. What you may not know, though, is that Windows 2000 has many of these firewall capabilities built in. In this article, I'll show you how to block ports and protocols through Windows 2000.

Before I get started, I should point out that this is no substitute for a true firewall. It's only a method of making your network a little more secure. Windows 2000 packet filtering works by blocking all packets except for the ones that you permit. There's a chance that you may use protocols and packets outside of the ones that I'm recommending, and that's fine. But for everyone else, I recommend blocking all packets except for the ones traveling on the port numbers shown below. If you've been working with TCP/IP for a while, you'll probably recognize most of these. If there are some that you don't recognize, however, don't worry about it. You won't have to do anything to the protocol directly except add a number to a list.

TCP Port Numbers

Port 20     FTP Server Data Channel
Port 21     FTP Server Control Channel
Port 23     Telnet
Port 80     HTTP
Port 139    NetBIOS

UDP Port Numbers

Port 53     DNS Lookup
Port 69     TFTP
Port 137    NBNS
Port 161    SNMP
Port 520    RIP

IP Port Numbers

Port 1      ICMP
Port 2      IGMP
Port 3      GGP
Port 4      IP in IP encapsulation
Port 5      ST stream
Port 6      TCP
Port 7      Often used for Computer Based Training
Port 8      EGP

Open the (TCP/IP) Properties sheet. Click the Advanced button to reveal the Advanced TCP/IP Settings properties sheet. Now, select the Options tab, select TCP/IP Filtering from the Optional Settings list, and click the Properties button. You'll now see the TCP/IP Filtering window. At the top of this window, there's a check box labeled Enable TCP/IP Filtering (All Adapters). I recommend making sure that this check box isn't selected, because it affects all of your connections. Instead, it's more effective to apply filtering on an individual basis.

The TCP/IP Filtering window is divided into three columns: TCP Ports, UDP Ports, and IP Protocols. Each of these columns has a set of radio buttons beneath it. By default, these radio buttons are set to Permit All. This allows all packets to flow freely. However, you can set any or all of the columns' radio buttons to Permit Only, which will permit only the port numbers specified in the list below to pass through the connection. You can use each column's Add and Remove buttons to edit the list of allowed ports. For example, if you wanted to permit the connection to access Web pages, you could add port 80 to the TCP Ports section.

As you can see, packet filtering can add security to your network by blocking unauthorized types of packets. If you implement packet filtering and things don't seem to work right, you may be using a port other than the ones that I've listed. If this happens to you, you can either add the missing port number to the list, or disable packet filtering altogether. It's up to you.
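One way to find out in advance which services a Permit Only list would cut off, as an added example that is not part of the original article: the script below parses `netstat -an` output and reports listening TCP and UDP ports that are missing from the allow lists given above. The sample netstat output is constructed, and the function names are illustrative.

```python
import re

# Allow lists taken from the article's TCP and UDP tables.
TCP_ALLOWED = {20, 21, 23, 80, 139}
UDP_ALLOWED = {53, 69, 137, 161, 520}

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.168.1.20:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

# Proto, local address:port, foreign address, optional state (UDP rows have none).
LINE = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def listening_ports(netstat_text):
    """Return {'TCP': set, 'UDP': set} of local ports that accept inbound traffic."""
    ports = {"TCP": set(), "UDP": set()}
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, blank line, or unrecognised row
        proto, port, state = m.group(1), int(m.group(2)), m.group(3)
        # TCP: only LISTENING sockets accept new inbound connections.
        # UDP has no state column; every bound port can receive datagrams.
        if proto == "UDP" or state == "LISTENING":
            ports[proto].add(port)
    return ports

def blocked_listeners(netstat_text, tcp_allowed=TCP_ALLOWED, udp_allowed=UDP_ALLOWED):
    """Listening ports that are absent from the Permit Only lists."""
    found = listening_ports(netstat_text)
    return {"TCP": sorted(found["TCP"] - set(tcp_allowed)),
            "UDP": sorted(found["UDP"] - set(udp_allowed))}

if __name__ == "__main__":
    for proto, ports in blocked_listeners(SAMPLE_NETSTAT).items():
        print(proto, "listeners not in the Permit Only list:", ports)
```

Each port it reports is either a service to add to the list before switching to Permit Only, or one you intend to block.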
