Domains and Firewalls

[caddo65590]

Hi All,
I have two w2k domains seperated by a firewall. I have created a trust
between this two domains and only
allowing traffic through the firewall on ports recommend by microsoft as per
article Q179442.
I cannot perform certain functions across the firewall which otherwise would
have been normal operation.
The operation request port 1025 tcp on the firewall which is not open.
When we allow tcp port 1025 on the firewall all operations between the trust
works perfect.
Can anyone tell me why the need for port 1025 and why it is not mentioned in
the mocrosoft article?
All my research on port 1025 points to a Trojan Horse virus ( Remote Storm
virus ).
Any ideas?

 

[Richard Moreno]

Hi-

One article I found indicates that after an RPC attempt at talking to port
135 for a Windows system may fail it uses port 1025. I also found the
reference to an old Trojan named Remote Storm that exploits this port. Have
you run a sniff trace between the 2 PDC Emulators to try and identify when
and why 1025 is being used?

 

[Jimmy Andersson [MVP]]

Have you seen these two articles?

Q224196 - Restricting AD Replication Traffice to a Specific Port.
http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q224196

AD Replication over Firewalls by Steve Riley:
http://www.microsoft.com/SERVICEPROVIDERS/columns/config_ipsec_p63623.asp

Regards,
/Jimmy