Hello Chris
Look at the services configuration, you often have a "listen on" option Example : DNS server By default DNS is listening on all interfaces, you can verify with netstat Command netstat -an |find ":53" UDP 0.0.0.0:53 Go to DNS server's config panel, and set an address to "listen to", let say It should be bound to the internal address 192.168.25.16 Netstat will then show UDP 192.168.25.16:53 Other interfaces (like WAN) shouldnt reply to DNS requests. Hope that helps Have a nice day Maxime Ducharme -----Message d'origine----- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Christian Koerner Envoyé : 3 mai 2008 19:13 À : [email protected] Objet : Binding Windows Services to Specific Addresses Only -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello everybody! When it comes to Windows hardening and in specific restricting Windows' services, the only suggestions that I've found so far are: *) disable unnecessary services *) restrict network access through packet filtering What else can be done and isn't it possible to bind Windows' services to a specific address/interface, e.g. LAN. Thanks in advance Chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIHPGV6rqywW28g1IRAohNAKCQ9vfcx/N5vRr0bbbiBityYayO4wCgottt +JClyFFafYzq0ojEA0AfS1c= =2nbF -----END PGP SIGNATURE-----
