Test centre rx: Security Tools Scan


On my Windows NT 4.0 Server with Service Pack 3, how can I know when different ports are being scanned or if there is any activity on ports? I use the command "Netstat" and was wondering if there's any better utility out there? Second, is there a complete list of port assignment mapping available?

- Anees Mirza

Check out the services file for the port assignments. The file is located in the winnt/system32/drivers/etc directory. Simply type out the file and you'll find port numbers for well-known services as defined by RFC 1060. As far as a single command goes, the Netstat command is all you get with NT. This command displays TCP/IP connections and protocol statistics.

Stuart McClure, our Test Centre support manager and security expert, has a few recommendations. First, check out Asmodeus' Security Scanner, which was recently acquired by WebTrends (www.webtrends.com/wss). The product will eventually be named WebTrends Security Scanner. It will remain shareware until a full commercial product is made available, so now may be a great time to try it out.

Asmodeus will monitor port activity and may uncover some basic vulnerabilities.

In order to know when different ports are being scanned on your system, you'll need an intrusion-detection program. To view and understand what services are running on what ports or what your system vulnerabilities are, you'll need a security auditing program.

Our Test Centre recently conducted a network security checkup analysis and we compared intrusion-detection systems. In addition to the solutions we tested, check out Secure Network's Ballista (www.secnet.com). You can also check out the Test Centre's new Security Watch column for the most up-to-date information on network security (www.infoworld.com/security).
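The two checks this answer describes, reading port assignments from the services file and watching Netstat for activity, can be combined in a short script. This is an added example, not part of the original column; the services entries, the `netstat -an` rows and the three-port threshold are constructed for illustration.

```python
from collections import defaultdict
# Constructed samples: a services-file excerpt and `netstat -an` output
# (all addresses are from documentation ranges).
SERVICES = """\
ftp        21/tcp
smtp       25/tcp    mail   # aliases and comments are allowed
http       80/tcp    www
"""

NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6000           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:1044      ESTABLISHED
  TCP    192.0.2.10:21          203.0.113.5:2301       TIME_WAIT
  TCP    192.0.2.10:23          203.0.113.5:2302       TIME_WAIT
  TCP    192.0.2.10:25          203.0.113.5:2303       SYN_RECEIVED
"""

def parse_services(text):
    """Map (port, protocol) to service name, skipping comments and blanks."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            if port.isdigit():
                table[(int(port), proto.lower())] = fields[0]
    return table

def parse_netstat(text):
    """Return (local_port, remote_ip, state) for each TCP row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0] == "TCP":
            rows.append((int(f[1].rsplit(":", 1)[1]), f[2].rsplit(":", 1)[0], f[3]))
    return rows

def listening(rows, services):
    """Label each listening port; 'unknown' means not in the services file."""
    return sorted((p, services.get((p, "tcp"), "unknown")) for p, _, s in rows if s == "LISTENING")

def many_port_sources(rows, threshold=3):
    """Remote hosts seen on at least `threshold` distinct local ports."""
    seen = defaultdict(set)
    for port, remote, state in rows:
        if state != "LISTENING":
            seen[remote].add(port)
    return {ip: sorted(p) for ip, p in seen.items() if len(p) >= threshold}
```

Netstat shows only the connections present at the moment it runs, so a scan that finishes between runs leaves nothing to parse; that gap is why the answer points to an intrusion-detection program.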

Faster is not better?

I suspect that DOS applications cannot use the cache on Pentium II processors. I just purchased a 233MHz Pentium II, and it runs my DOS-based applications at about the same speed as a Pentium 133. I run a process that takes one and a half hours on a Pentium 166 running Win 95; it takes two and a half hours on my Pentium II. In addition, I ran WinTune 98 and my machine beat all the others in the database.

- Gary Black

Brooks Talley, our test manager, finds your results quite interesting - although they should not have much to do with cache on the Pentium II. The Pentium II cache is always enabled and is not aware of the type of applications being executed. Most likely, the difference occurs because the Pentium II is based on the Pentium Pro core, which is strongly optimised for 32-bit applications. Your various CPU, video, memory and disk results from Windows Magazine's WinTune are from 32-bit operations, and your DOS applications are either from 8-bit or 16-bit operations.

Easy as ABC

I recently expanded our network. It now has three subnets separated by two dynamic routers. The "middle" network, B, has a WINS [Windows Internet Naming Service] server. The two routers are also configured as DHCP [Dynamic Host Configuration Protocol] relays. The DHCP server is in network A. Most clients in each network (A, B, and C) are configured to automatically obtain their IP addresses and TCP/IP configuration settings from the DHCP server. Clients in network C can also obtain their TCP/IP configurations information from the DHCP server - including the address of the WINS server - but they can't PING clients in network A with NetBIOS names. A check of the WINS server database shows that it has registered the clients in network C. Am I missing something?

- Ari Okoke

Actually, this is a common stumbling block because we far too often assume NT Workstation and Windows 95 should behave similarly when typing and executing a command. In terms of setup and configuration, you're missing absolutely nothing. I was busy sorting out all of your question's details when Brooks Talley, our test manager, promptly commented that there is nothing wrong with the way your network is working. We assume the clients that can't PING (TCP/IP utility) using NetBIOS names are something other than NT workstations. Win 95 does not support IP name resolution for NetBIOS names when using certain IP-based applications, and NT Workstation does.

DHCP blues

I have two networks connected by a static router. The static router is a multihomed Windows NT 4.0 Workstation. Network A contains a Windows NT 4.0 DHCP [Dynamic Host Configuration Protocol] server. The DHCP server has separate scopes for network A and B clients. Network A clients are able to get their IP addresses from the DHCP server. I added a stand-alone Windows NT server on network B and made it a DHCP relay, but the clients on network B are still unable to get IP addresses from the DHCP server on network A.

I believe I did all the right things, including providing the DHCP relay with the IP address of the DHCP server. There is no WINS [Windows Internet Name Service] server on either network. I have applied Service Pack 3 to all NT Servers and Workstations on both networks.

- Ari Ogoke

You definitely have all the right ingredients for operational DHCP services, so there's no need to add WINS services to get DHCP services up and running. DHCP services dynamically assign IP addresses to clients and other devices, and WINS translates system or NetBIOS names into IP addresses. DHCP does not require WINS to function properly, although WINS-related information may be included in the DHCP information that is sent to each client.

It sounds as if you've configured everything correctly, except for the installation of the DHCP relay agent. The DHCP relay agent should be installed on your router. You currently have the DHCP relay agent installed on a stand-alone NT Server on network B. The DHCP Relay agent allows Windows NT Server to relay DHCP broadcasts between a DHCP server and client across a router.

Funnelling information

Essentially, it permits forwarding DHCP information between subnets. DHCP requests are broadcast requests, and these requests are not routed between your segments. Currently, your relay is not working - that's why clients on network B are unable to get IP addresses from the DHCP server, while clients on network A are able to attain IP addresses from the DHCP server located on the same network.

You need to move your DHCP relay services to your router, but unfortunately your current router is an NT Workstation. The DHCP relay agent requires NT Server, so you'll need to make a few changes to your network.

One option is to move your NT 4.0 Server, configure it as the router, and install the DHCP relay agent on it.

Test Centre technical director Laura Wonnacott has been working with computers for 15 years. Test Centre Rx applies the decades of experience in the InfoWorld Test Centre to readers' technical problems. Send us your own questions at testcenter_rx@infoworld.com

