Chapter 6 Using Security Technologies
Default Niagara Port Numbers
Niagara Release 2.3
Niagara Networking & Connectivity Guide Revised: May 22, 2002
6–21
Note Ports 135 and 139 are standard open Windows ports. Therefore, they are likely to be
open on any Windows-based host, such as a Web Supervisor or engineering PC.
There are known security vulnerabilities with TCP and UDP ports 135 through 139.
However, because they are used by many Microsoft functions, it may not be
advisable to disable them. Disabling them may mean that other functions (as listed in the
Knowledge Base article) may fail to work. For the best security, these hosts should
be located behind a packet filtering or other firewall device, and access to these ports
should be restricted.
However, if you cannot locate the hosts behind a firewall, you can disable most of the
open TCP ports without impacting Niagara or host administration functions. For our
application to function, you must leave the following TCP server ports open on the
JACE-NP:
  80 (or whichever HTTP port you use for station functions)
  UDP: 80 (if you are using the station monitoring function)
  3011 (or whichever Admin port you use for host administration functions)
  37 (if using the host as a time synchronization server)
  TCP: 135, UDP 137, 138 (if this host is acting as a Windows print server for other hosts)
  139 (if using RCMD on a Full JACE-NP, or host is acting as a Windows print server)
  1503 (for NetMeeting—Embedded JACE-NPs only)
Note It is a good idea to test disabling the ports in a controlled environment before placing
equipment in the field. You may find, depending on the ISP setup, that you need to
enable some ports when you get the equipment to the field.
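One way to run that test, as an added example that is not part of the Niagara guide: the script below parses a Windows netstat -an listing and splits the open ports into those the list above requires for the host's roles and those that can be closed. The role names, the SAMPLE listing, and the use of the default ports 80 and 3011 are assumptions made for the example.

```python
import re

# (protocol, port) -> roles that need it, per the list above. Role names are
# hypothetical labels; 80 and 3011 assume the default HTTP and Admin ports.
REQUIRED = {
    ("tcp", 80): "always",             # HTTP port for station functions
    ("udp", 80): "station_monitoring",
    ("tcp", 3011): "always",           # Admin port for host administration
    ("tcp", 37): "time_server",
    ("tcp", 135): "print_server",
    ("udp", 137): "print_server",
    ("udp", 138): "print_server",
    ("tcp", 139): "print_server|rcmd",
    ("tcp", 1503): "netmeeting",       # Embedded JACE-NPs only
}

# One row of Windows "netstat -an": proto, local addr:port, foreign addr, [state].
ROW = re.compile(
    r"^[ \t]*(TCP|UDP)[ \t]+\S+:(\d+)[ \t]+\S+(?:[ \t]+(\S+))?[ \t]*$", re.I | re.M)

def listening_ports(netstat_text):
    """Return (proto, port) pairs open to inbound traffic (TCP LISTENING, any UDP)."""
    found = set()
    for m in ROW.finditer(netstat_text):
        proto, port, state = m.group(1).lower(), int(m.group(2)), m.group(3) or ""
        if proto == "udp" or state.upper() == "LISTENING":
            found.add((proto, port))
    return found

def audit(netstat_text, roles=()):
    """Split open ports into (keep, close) for a host with the given roles."""
    active = {"always", *roles}
    keep, close = [], []
    for key in sorted(listening_ports(netstat_text)):
        needed_by = set(REQUIRED.get(key, "").split("|"))
        (keep if needed_by & active else close).append(key)
    return keep, close

# Constructed sample listing (not captured from a real host).
SAMPLE = """\
  TCP    0.0.0.0:17        0.0.0.0:0        LISTENING
  TCP    0.0.0.0:19        0.0.0.0:0        LISTENING
  TCP    0.0.0.0:80        0.0.0.0:0        LISTENING
  TCP    0.0.0.0:135       0.0.0.0:0        LISTENING
  TCP    0.0.0.0:139       0.0.0.0:0        LISTENING
  TCP    0.0.0.0:3011      0.0.0.0:0        LISTENING
  TCP    192.0.2.20:1045   192.0.2.50:3011  ESTABLISHED
  UDP    0.0.0.0:137       *:*
"""
```

Calling audit(SAMPLE, roles=("rcmd",)) keeps TCP 139 but still reports TCP 135 and UDP 137 for closing, which matches the distinction the list draws between RCMD and print-server use.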
Table 6-3 Additional default (non-Niagara) ports.

Platform                          Port  Function
Embedded JACE-NP only, continued  17    QOTD (quote of the day)—RFC 865. Once a client establishes a
                                        connection, a short message is sent out on the connection
                                        (and any data received is thrown away). The service closes
                                        the connection after sending the quote.
                                  19    Chargen (character generator)—RFC 864. Once a client
                                        establishes a connection, a stream of data is sent out on
                                        the connection (and any data received is thrown away). This
                                        continues until the client terminates the connection.
Embedded and Full JACE-NPs        135   epmap—Microsoft RPC end-point mapper. Used by a number of
                                        Windows intercommunication processes. See Microsoft
                                        Knowledge Base article Q150543 for details. [1]
                                  139   netbios-ssn—Microsoft NetBIOS session service. Used by a
                                        number of Windows intercommunication processes. See
                                        Microsoft Knowledge Base article Q150543 for details. [1]

[1] http://support.microsoft.com/default.aspx?scid=kb;en-us;Q150543