Re: Closing Port 135 and 1025
From: S. Pidgorny
Date: 03/29/04
- In reply to: Sebastian Gottschalk: "Closing Port 135 and 1025"
Date: Mon, 29 Mar 2004 19:28:11 +1000
Use rpccfg.exe to set RPC to listen on the loopback:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/rpccfg-o.asp
You'll find a link to the information on fine-tuning RPC bindings on MSDN.
That is about as long as you can go without using a firewall (which will not
shut down the RPC listener anyway).
--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

"Sebastian Gottschalk" <seppi@seppig.de> wrote in message
news:1rhts7m1c7a5n$.dlg@news.individual.de...
> We are running Windows Server 2003 Enterprise Edition with MySQL, Apache
> and FTP-Serv as fileserver. For high security purposes we're using IPSEC in
> authentication mode, hardened TCP/IP-Stack and very limited services.
>
> Even though ports can be filtered with IPSEC policies, it's a better approach
> to disable unnecessary services to close the ports. The problem is that
> port 135 and 1025 are still open. Port 135 is only bound to
> svchost.exe\Rpcss but DCOM is disabled and all rpc-bindings are deleted
> from registry (HKLC\SW\MS\Rpc\ClientProtocols). Port 1025 is bound to
> lsass.exe\SamSs. It does not make any sense at all that these ports are
> still open, but when disabling ipsec filtering you can even enumerate port
> 135 with epdump utility, showing the rpc-bindings ipsec, policy agent and
> rpcss. We've studied many many many documentation, but still can't find out
> how to disable these unnecessary bindings.
>
> We tried:
> uninstalled netbios protocol, only leaving tcp/ip
> disabling all unnecessary services
> disabled dcom
> disabled and deleted netbios&smb driver from device manager
> Registry: SMBDownload=0
> Registry: HKLC\SW\MS\Rpc DCOM*="N"
> Registry: HKLC\SW\MS\Rpc\ClientProtocols deleted all rpc bindings
>
> Everything increased security a little bit, but still these 2 services were
> running. How can we disable them?
>
> --
> http://piology.org/ILOVEYOU-Signature-FAQ.html
>
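Added example, not part of the original thread: one way to confirm that the listeners on ports 135 and 1025 discussed above are bound only to the loopback address is to parse `netstat -ano` output and flag any watched port listening elsewhere. Both sample outputs, the PIDs and the function names are constructed for illustration.

```python
import ipaddress

WATCHED_PORTS = {135, 1025}  # the two ports discussed in the thread

# Constructed `netstat -ano` samples (not captured from any real host).
SAMPLE_EXPOSED = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       540
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING       1480
  TCP    10.0.0.5:80            10.0.0.9:51234         ESTABLISHED     2044
"""
SAMPLE_LOOPBACK = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:135          0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       540
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING       1480
"""

def parse_listeners(netstat_text):
    """Yield (ip, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, UDP rows and sockets that are not listening.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        # IPv6 local addresses are printed in brackets, e.g. [::]:135.
        yield ipaddress.ip_address(host.strip("[]")), int(port), int(fields[4])

def exposed_listeners(netstat_text, ports=WATCHED_PORTS):
    """Return watched listeners bound to any non-loopback address."""
    return sorted(
        (str(ip), port, pid)
        for ip, port, pid in parse_listeners(netstat_text)
        if port in ports and not ip.is_loopback
    )

if __name__ == "__main__":
    for name, text in (("exposed", SAMPLE_EXPOSED), ("loopback", SAMPLE_LOOPBACK)):
        print(name, exposed_listeners(text) or "watched ports are loopback-only")
```

On a real host, feed the function the text of `netstat -ano` captured after the RPC binding change and any reboot it requires.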