Hello Chris

Look at the services configuration, you often have a "listen on" option

Example : DNS server

By default DNS is listening on all interfaces, you can verify with netstat
Command

netstat -an |find ":53"
UDP 0.0.0.0:53

Go to DNS server's config panel, and set an address to "listen to", let say
It should be bound to the internal address 192.168.25.16

Netstat will then show
UDP 192.168.25.16:53

Other interfaces (like WAN) shouldn?t reply to DNS requests.

Hope that helps

Have a nice day

Maxime Ducharme

-----Message d'origine-----
De : listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] De
la part de Christian Koerner
Envoyé : 3 mai 2008 19:13
À : focus-ms (at) securityfocus (dot) com [email concealed]
Objet : Binding Windows Services to Specific Addresses Only

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello everybody!

When it comes to Windows hardening and in specific restricting
Windows' services, the only suggestions that I've found so far are:
*) disable unnecessary services
*) restrict network access through packet filtering

What else can be done and isn't it possible to bind Windows' services
to a specific address/interface, e.g. LAN.

Thanks in advance
Chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIHPGV6rqywW28g1IRAohNAKCQ9vfcx/N5vRr0bbbiBityYayO4wCgottt
+JClyFFafYzq0ojEA0AfS1c=
=2nbF
-----END PGP SIGNATURE-----

[ reply ]