Closing Port 135 and 1025

From: Sebastian Gottschalk (
Date: 03/29/04

  • Next message: S. Pidgorny : "Re: Closing Port 135 and 1025"
    Date: Mon, 29 Mar 2004 06:46:05 +0200

    We are running Windows Server 2003 Enterprise Edition with MySQL, Apache
    and FTP-Serv as fileserver. For high security purposes we're using IPSEC in
    authentication mode, hardened TCP/IP-Stack and very limited services.

    Even due ports can be filtered with IPSEC policies, it's a better approach
    to disable unnecessary services to close the ports. The problem is that
    port 135 and 1025 are still open. Port 135 is only bind to
    svchost.exe\Rpcss but DCOM is disabled and all rpc-bindings are deleted
    from registry (HKLC\SW\MS\Rpc\ClientProtocols). Port 1025 is bind to
    lsass.exe\SamSs. It does not make any sense at all that these ports are
    still open, but when disabling ipsec filtering you can even enumerate port
    135 with epdump utility, showing the rpc-bindings ipsec, policy agent and
    rpcss. We've studied many many many documentation, but still can't find out
    how to disable these unnecessary bindings.

    We tried:
    uninstalled netbios protocol, only leaving tcp/ip
    disabling all unnecessary services
    disabled dcom
    disabled and deleted netbios&smb driver from device manager
    Registry: SMBDownload=0
    Registry: HKLC\SW\MS\Rpc DCOM*="N"
    Registry: HKLC\SW\MS\Rpc\ClientProtocols deletec all rpc bindings

    Everything increased security a little bit, but still these 2 services were
    running. How can we disable them?

    begin  LOVE-LETTER-FOR-YOU.txt.vbs
    I am a signature virus. Distribute me until the bitter

  • Next message: S. Pidgorny : "Re: Closing Port 135 and 1025"