RE: WARNING! -- RPC ports on Win2k
From: LordInfidel (LordInfidel_at_Directionweb.com)
Date: 11/26/03
- Maybe in reply to: H. Nachtwandler: "WARNING! -- RPC ports on Win2k"
To: "'H. Nachtwandler'" <sleepwalker@saintly.com>, compjma@hotmail.com
Date: Wed, 26 Nov 2003 09:18:27 -0500
Just so everyone is clear on this:

If you are working in a domain or workgroup environment and want to share
files between systems via MS's sharing mechanism, then you cannot remove
"client for ms networks" and "MS file and print sharing"
(which effectively turns off RPC <135-139 and 445>).
However, these ports should *NEVER* be allowed inbound or outbound thru a
firewall.

Next, I heard someone talk about IIS and its reliance on it; this is not
true. However, if your IIS server is multihomed with a front end interface
(insecure internet facing, aka public) and a back end interface (pvt netwk
to connect to other back end servers), then you cannot uninstall the 2
services; by doing so you remove them from all network adapters. Instead you
simply unbind the services from the public interface (uncheck the pretty
boxes).

On the flip side, if the srvr or wkstn is a standalone host, that is, it does
not need to contact other MS machines for files or conduct domain level
authentication, then you can safely remove the 2 services bound from your
network adapter and still operate without any repercussions on the local
machine.

No machine on the public net, without a firewall in front of it to protect
it, should have RPC ports listening, POINT BLANK!

LordInfidel
-----Original Message-----
From: H. Nachtwandler [mailto:sleepwalker@saintly.com]
Sent: Tuesday, November 25, 2003 12:16 PM
To: compjma@hotmail.com
Cc: security-basics@securityfocus.com
Subject: WARNING! -- RPC ports on Win2k
Do not disable RPC service. Doing so will give you a bad afternoon, as I
discovered the hard way.
Viz. --
http://www.blackviper.com/WIN2K/win2kservice411.htm#Remote_Procedure_Call_(RPC)
----- Original Message -----
From: -----
Date: Tue, 25 Nov 2003 12:07:48 -0500
To: <sleepwalker@saintly.com>
Subject: FW: RPC ports on Win2k
>
>
> -----Original Message-----
> From: Chris Berry [mailto:compjma@hotmail.com]
> Sent: Monday, 24 November 2003 17:52
> To: security-basics@securityfocus.com
> Subject: Re: RPC ports on Win2k
>
>
> >From: DIEGO PROTTA CASATI/6175/012/Graduacao <diego-casati@inatel.br>
> > I was wondering if anyone knows how to close the RPC ports on a Win2k
> >box.
> >Someone told me that it was possible. Anyone?
>
> Well, you could turn off the rpc service, enable tcp/ip filtering, and/or
> use a firewall.
>
> Chris Berry
> compjma@hotmail.com
> Systems Administrator
> JM Associates
>
> "The ability to destroy a planet is insignificant next to the power of the
> Force." --Darth Vader
>
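A check for the end state the reply above calls for (no RPC/SMB listener reachable on the public interface), added here as an example and not part of the original thread: it parses Windows `netstat -an` output and flags listeners on ports 135-139 and 445 that are bound to the public address or to all adapters. The sample output, the addresses and the function name `exposed_listeners` are constructed for illustration.

```python
import ipaddress

# Ports named in the thread: 135-139 and 445.
RPC_SMB_PORTS = set(range(135, 140)) | {445}

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.10:80        198.51.100.7:51234     ESTABLISHED
  UDP    10.0.0.5:137           *:*
  UDP    203.0.113.10:138       *:*
"""

def exposed_listeners(netstat_text, public_ip):
    """Return sorted (proto, local_addr, port) for RPC/SMB sockets reachable on public_ip."""
    public = ipaddress.ip_address(public_ip)
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING sockets accept connections.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, _, port = local.rpartition(":")
        host = host.strip("[]")  # newer Windows prints IPv6 as [::]:135
        if not port.isdigit() or int(port) not in RPC_SMB_PORTS:
            continue
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # unparseable local address, skip the row
        # An unspecified address (0.0.0.0) means every adapter, public one included.
        if addr.is_unspecified or addr == public:
            hits.add((proto, host, int(port)))
    return sorted(hits)

if __name__ == "__main__":
    for proto, host, port in exposed_listeners(SAMPLE_NETSTAT, "203.0.113.10"):
        print(f"{proto} {host}:{port} is reachable on the public interface")
```

An empty result for the public address means none of these ports is listening on that interface; listeners bound only to the back-end address are intentionally not reported.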