Re: Still Can't Block 135 with Symantec Firewall 2.01.

From: Larry (nospam_at_home.com)
Date: 07/30/03 

Date: Wed, 30 Jul 2003 12:02:17 GMT

On 29 Jul 2003 22:09:44 -0700, rconners@earthlink.net (Ron) wrote:

>I'm running Symantec Desktop Firewall 2.01 and when I run Sheilds-Up
>and Symantec Security Checks they tell me that my RPC Port 135
>is open and it SHOULD NOT be visible to the Internet. I added a new
>TCP & UDP Block (Inbound & OutBound)for port (Single Service) 135 but
>when I run the security checks it still says Port 135 is Open. I
>raised the new block to the TOP of the list and even rebooted but
>still
>the same problem. I've also ran Live Update but that didn't help. I
>have also run all the latest Windows 2000 Updates. Do you have any
>ideas?

Port 135 is used by Windows NT, itself as part of your network system.
You re-install it each time you reinstall Windows. It is used by
different parts of the network system listed below. If you block its
access (which you probably can't do because one of those encrypted
holes in Symantec's exceptions is port 135), network access to a lan,
not the internet, will fail. Some port just have to remain open so
other machines in the network can access this machine's system.

This list shows RPC is associated with MS Exchange Server....
You can lookup any port's function on:
http://ports.tantalo.net/index.php
or get the port number for a function the other way.

port name
port number
protocol
alias
note
type
URL

 

135
tcp

DHCP Manager (MS Windows NT 4.0)
-
[ support.microsoft.com ]

135
tcp

DNS Administration (MS Windows NT 4.0)
-
[ support.microsoft.com ]

135
tcp

WINS Manager (MS Windows NT 4.0)
-
[ support.microsoft.com ]

135
tcp

Client/Server Comm. (MS Exchange Server version 5.0)
-
[ support.microsoft.com ]

135
tcp

Exchange Administrator (MS Exchange Server version 5.0)
-
[ support.microsoft.com ]

135
tcp

RPC (MS Exchange Server version 5.0)
-
[ support.microsoft.com ]

epmap
135
tcp

DCE endpoint resolution
IANA

epmap
135
udp

DCE endpoint resolution
IANA

Larry W4CSC

"No, NO, Mr Spock! I said beam me down a WRENCH,
not a WENCH! KIRK OUT!"

Relevant Pages

  • Re: excessive TCP dulplicate acks revisted
    ... The tcp duplicate ACK attack is back. ... there was a thread on duplicate TCP acks in -CURRENT. ... TCP STREAM TEST from localhost port 0 AF_INET to greenhouse- george.18clay.com port 0 AF_INET ... Socket Socket Message Elapsed ...
    (freebsd-current)
  • excessive TCP dulplicate acks revisted
    ... The tcp duplicate ACK attack is back. ... there was a thread on duplicate TCP acks in -CURRENT. ... TCP STREAM TEST from localhost port 0 AF_INET to greenhouse- george.18clay.com port 0 AF_INET ... Socket Socket Message Elapsed ...
    (freebsd-current)
  • Re: Windows 2000 - MS Access XP and Sql Server 2005.
    ... The library is the library for the named pipes protocol; ... adding tcp: before the name of the server. ... the right port to use) at the end. ... I can't connect a client computer with windows 2000 to sql server 2005: ...
    (microsoft.public.access.adp.sqlserver)
  • Re: How to tell if a firewall alert is suspicious or not
    ... > WHY this SBCGlobal DNS server would be contacting Adobe Acrobat on port ... They have to parts, a kernel and the userland, in which programs, which are ... With Internet Protocol and TCP it is so, that any network interface in the ... To initiate a TCP connection, first the server has to "listen" on a port. ...
    (comp.security.firewalls)
  • Re: Why is Win Explorer accessing the Net?
    ... Client contacts Exchange Server. ... a port via RPC (TCP 135). ... Exchange server wishes to send information to client. ...
    (comp.security.misc)