Re: Port 135

From: Ed Martinez (godbless_at_godbless.com)
Date: 10/17/03


Date: Fri, 17 Oct 2003 00:58:25 -0400

Thank you, but that doesn't answer the question.

With the RPC/DCOM patches applied, with the Microsoft test utility
indicating that the patch is applied, testing it locally and from remote,
is there still something going on with this "hole" that leaves the port
connected and established? In other words, did the patch do the job of
stopping the vulnerability of this particular hole?

There are times when I don't have the firewall up because it gets in the way
of testing. But in general, I have NO TCP/IP based services that are NOT
under my control. Absolutely, no ports are being serviced that are not under
my control. Unfortunately, we don't have control over PORT 135? Why is
that, Microsoft? If I turn off RPC, everything else "breaks" in Windows.

Sure, a firewall works, but a firewall is just a "KLUDGE" to the real
PROBLEM.

Why don't we have control over port 135? What is it about this service
that this port must remain open?

----
"Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in message
news:uM2G$PFlDHA.2272@tk2msftngp13.phx.gbl...
> Firewall is really usually the best way.  Instead of turning it off, it's
> better that you should check the logs to see what ports are being blocked,
> then add a rule to allow those ports.  Could be you need a better firewall
> too.  If this is a single home PC, I think there should probably be no
> problems caused by blocking 135.
>
>
> "Ed Martinez" <godbless@godbless.com> wrote in message
> news:up#Q38$kDHA.2432@TK2MSFTNGP10.phx.gbl...
> > I have a firewall.  But there are times when I have to bring it down since
> > it gets in the way of some other apps. I have Windows 2000/PRO with the
> > latest security patches (except the one just announced, those will be
> > applied tonight).
> >
> > What I still see at times, not all the time, is a port 135 session either
> > established or some other state.  Nothing is going on. It just seems like
> > it's stuck or something.  Again, I have all the RPC, DCOM related security
> > patches.  I have used the Microsoft Testing tool and it reports the machine
> > is patched.
> >
> > What's going on here?
> >
> > Also, how can I effectively block port 135 on my machine without having a
> > 3rd party firewall?  I know RPC is important and Microsoft depends on it for
> > other stuff, but is it possible to set it up under network settings to block
> > this port without any degradation or problem with Windows itself?
> >
> > Ed
> >
>
>

