Auditor Help: Port Usage

Target system services listen on particular ports for communication. Clients of these services, such as the system running Ecora software, initiate connections to them from ports 1024-5000, the range designated for outgoing connections.

Target Services for Ecora for Windows:

Port 135 Microsoft DCE Locator service or "end-point mapper" (TCP) allows computers to invoke and remotely manage services. This port is required for RPC-based services such as Remote Registry calls. The actual port used in the RPC connection is dynamic, though it is always negotiated via this port. By default, the RPC dynamic port allocation negotiation process randomly selects port numbers above 1024 (see the RPC port description below for more information).

Port 137 NetBIOS name service (TCP, UDP) provides a means for Microsoft hostname and address mapping on a NetBIOS network. If you are using NetBIOS, you may need to permit traffic at this port to assist in NetBIOS name query, resolution, and registration.

Port 138 NetBIOS datagram (UDP) is used for Microsoft network logon and browsing. If you are using NetBIOS, you may need to permit traffic at this port to assist in NetBIOS name query, resolution, and registration.

Port 139 NetBIOS Session -- SMB (TCP): File and Printer Sharing on Microsoft Windows systems can run over this port. If you are using NetBIOS, you may need to permit traffic at this port to allow access to the shares of target systems. Target systems running Windows NT4 will always require access to this port for Ecora software functionality.

Port 445 SMB over TCP/IP (TCP, UDP): If both the system where Ecora software is installed and the target system are running Windows 2000, XP, or Windows 2003, the software will use port 445 instead of ports 137, 138, and 139 when NetBIOS over TCP/IP is disabled. Port 445 can also be used by systems with NetBIOS over TCP/IP enabled; in that case ports 139 and 445 are queried simultaneously and the first to respond is used.

  For more information, please consult Knowledgebase Article 204279.

RPC ports used by Microsoft software are dynamically assigned, with default assignments beginning at port 1024. The port used for each RPC connection is negotiated through the RPC endpoint mapper on port 135. The range from which these dynamic ports are drawn is a configurable parameter.

  For more information, please consult Knowledgebase Article 154596.

If you use a SQL Server, the following additional ports may also need to be permitted:

Port 1433 SQL Server: SQL Server listens for incoming connections on a particular port; the default port is 1433. For named instances, SQL Server assigns each instance its own unique port. The actual port used is a SQL Server setup configuration option.

Port 1434 SQL listener: SQL Server establishes a listener service on UDP port 1434 that lets a client query the server for a list of named instances and their network configuration information. This listener service always runs on UDP port 1434 and cannot be configured to run on another port. Ecora software must browse the network for SQL instance names, so this port is required.

  For details on using Microsoft SQL Server through a firewall, please consult the Knowledgebase Article 287932.
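The following is an added example, not part of the Ecora help text or the Ecora product: a small Python check that sends the same UDP 1434 instance-list query the text above describes and parses the reply, so an administrator can confirm that the firewall permits the listener and see which TCP port each named instance was assigned (port 1433 for the default instance, a per-instance port otherwise). The message layout follows the SQL Server Resolution Protocol (MS-SQLR); the sample reply embedded below is constructed, not captured from a real server.

```python
import socket
import struct

SQL_BROWSER_PORT = 1434  # fixed UDP port of the SQL listener; it cannot be moved


def build_ssrp_list_request() -> bytes:
    # CLNT_UCAST_EX (MS-SQLR): a single 0x03 byte asks one host to list all its instances.
    return b"\x03"


def parse_ssrp_response(data: bytes) -> list[dict]:
    """Parse a SVR_RESP datagram into one dict of properties per SQL instance.

    Layout: 0x05, little-endian uint16 payload length, then ASCII text made of
    'key;value;' pairs, with ';;' ending each instance record.
    """
    if len(data) < 3 or data[0] != 0x05:
        raise ValueError("not an SSRP SVR_RESP datagram")
    (length,) = struct.unpack_from("<H", data, 1)
    text = data[3:3 + length].decode("ascii", errors="replace")
    instances = []
    for record in text.split(";;"):
        if not record:
            continue
        tokens = record.split(";")
        props = {tokens[i]: tokens[i + 1] for i in range(0, len(tokens) - 1, 2)}
        if "InstanceName" in props:
            instances.append(props)
    return instances


def tcp_ports_by_instance(data: bytes) -> dict:
    """Map instance name -> TCP port (int), or None if the instance has no TCP endpoint."""
    result = {}
    for inst in parse_ssrp_response(data):
        port = inst.get("tcp")
        result[inst["InstanceName"]] = int(port) if port and port.isdigit() else None
    return result


def query_sql_browser(host: str, timeout: float = 2.0) -> list[dict]:
    """Send the list request to a host's SQL listener and parse its reply (UDP 1434 must be open)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_ssrp_list_request(), (host, SQL_BROWSER_PORT))
        data, _ = sock.recvfrom(65535)
    return parse_ssrp_response(data)


# Constructed sample reply (not from a real server): the default instance on 1433 and a
# named instance on its own assigned port, as described in the text above.
_SAMPLE_TEXT = (
    "ServerName;DBHOST01;InstanceName;MSSQLSERVER;IsClustered;No;Version;10.50.1600.1;tcp;1433;;"
    "ServerName;DBHOST01;InstanceName;SQLEXPRESS;IsClustered;No;Version;10.50.1600.1;tcp;49172;;"
).encode("ascii")
SAMPLE_RESPONSE = b"\x05" + struct.pack("<H", len(_SAMPLE_TEXT)) + _SAMPLE_TEXT

if __name__ == "__main__":
    print(tcp_ports_by_instance(SAMPLE_RESPONSE))  # {'MSSQLSERVER': 1433, 'SQLEXPRESS': 49172}
```

A timeout from query_sql_browser against a known SQL host usually means UDP 1434 is filtered between the auditing system and the target; the per-instance TCP ports it reports are the ones that must also be permitted.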