|
Home > Archive > 70-216 > July 2003 > VPN Ports listening
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
VPN Ports listening
|
|
| Jonoplunk 2003-07-17, 3:26 pm |
| Evening all,
I put our companies old NT RAS server up to 2000 RRAS last night, as a fresh install.
Question is, when you install the RRAS it seems to install VPN ports by default. When you look at their status they are listening. Is there any way of either removing the VPN ports totally or deactivating the listening status, disable them until we decide that we actually want to use them.
These ports are ISDN modem ports. I understand that so long as we do not have a connection from these ports to an ISP then we aren't at danger of an attack on these ports, but I still don't like the idea of having them listening anyway. Maybe I am just too paranoid.
Please give me your opinion as to whether or not my paranoia is unfounded, otherwise your advise will be most welcome too. | |
| jocampo 2003-07-17, 4:07 pm |
| quote:
Originally posted by Jonoplunk
Evening all,
I put our companies old NT RAS server up to 2000 RRAS last night, as a fresh install.
Question is, when you install the RRAS it seems to install VPN ports by default. When you look at their status they are listening. Is there any way of either removing the VPN ports totally or deactivating the listening status, disable them until we decide that we actually want to use them.
These ports are ISDN modem ports. I understand that so long as we do not have a connection from these ports to an ISP then we aren't at danger of an attack on these ports, but I still don't like the idea of having them listening anyway. Maybe I am just too paranoid.
Please give me your opinion as to whether or not my paranoia is unfounded, otherwise your advise will be most welcome too.
You can not delete those ports. Alternatively, you could...and you SHOULD, disable the remote access permission on the port. Just leave enable those that you are going or planning to use.
So....your paranoid attitude "it's normal" and have sense.
 | |
| Jonoplunk 2003-07-17, 4:14 pm |
| Thanks for the response.
Quote; "you SHOULD, disable the remote access permission on the port."
How do I do this, do I need to use Remote Access policies. I also seem to remember reading up about the fact that if you are in a mixed environment you cannot use the Remote Access Policies to control Remote access and have to use the User's permissions to allow access. We are in a Mixed NT, Netware and 2000 environment, would this mean that I cannot disable the access permission on the port? | |
| jocampo 2003-07-17, 4:35 pm |
| quote:
Originally posted by Jonoplunk
Thanks for the response.
Quote; "you SHOULD, disable the remote access permission on the port."
How do I do this, do I need to use Remote Access policies. I also seem to remember reading up about the fact that if you are in a mixed environment you cannot use the Remote Access Policies to control Remote access and have to use the User's permissions to allow access. We are in a Mixed NT, Netware and 2000 environment, would this mean that I cannot disable the access permission on the port?
No man...you must go to PORTS, on the left side, on RRAS, then right click...then Properties. You just have to uncheck the "Remote Access request conecction" option. You also can set the max. ports number to zero. | |
| Jonoplunk 2003-07-17, 4:35 pm |
| I have found this in the MS Online Support
http://support.microsoft.com/defaul...00434&sd=tech#6
If I reduce the number of WAN Miniport (PPTP) Ports to "1" and then untick the "Remote Access Connections (Inbound only)" , this seems to disable the WAN Miniport conections yet still allows normal RAS dialin connections. | |
| Jonoplunk 2003-07-17, 4:39 pm |
| Thanks Jocampo, did some research and found the same solution you came back with. (See my reply). Feel like I have gotten a grasp on the RRAS ports this evening due to all this, thanks for your help. | |
| jocampo 2003-07-17, 4:44 pm |
| quote:
Originally posted by Jonoplunk
I have found this in the MS Online Support
http://support.microsoft.com/defaul...00434&sd=tech#6
If I reduce the number of WAN Miniport (PPTP) Ports to "1" and then untick the "Remote Access Connections (Inbound only)" , this seems to disable the WAN Miniport conections yet still allows normal RAS dialin connections.
If you want to put off one or several VPN ports, you should go to the PORTS option in RRAS.
But if you want to put off ALL the RAS Server, right click the Server on RRAS and uncheck the "Remote access server" option, on the GENERAL tab. Doin' this, you will disable the RRAS to accept remote connections. |
|
|
|
|