Re: DCOM

From: Dan (Dan_at_discussions.microsoft.com)
Date: 06/04/05


Date: Sat, 4 Jun 2005 06:39:11 -0700

So you're saying there's no point to disable DCOM as long as I know what IP
address to allow and deny access to port 135 with my firewall.

And you're saying stealthing port 135 is overrated.

"Karl Levinson, mvp" wrote:

>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:068AF04B-D29D-496C-8A73-443393570E91@microsoft.com...
> > Is it necessary to disable DCOM with XP SP 2? And when I do will I be able to
> > stealth port 135 with a firewall?
>
> You can stealth 135 with a firewall right now, whether or not you disable
> DCOM, and XP SP2 has little to do with either one. Disabling DCOM doesn't
> change the fact that TCP and UDP ports 135 are listening, as those ports are
> used by RPC and not DCOM. [You can access DCOM via RPC and 135, but DCOM is
> just one of the ports that use the RPC endpoint mapper.]
>
> Stealthing a port is highly overrated. An attacker will usually know there
> is a computer there and be able to gain information from the responses or
> lack thereof. What the firewall is really useful for in this case is
> controlling what IP addresses can access your TCP and UDP ports 135. For
> example, you can allow computers on your local network to access those ports
> while denying access to systems on the Internet from accessing it.
>
> XP SP2 is highly recommended as it increases your security in a significant
> number of ways. Free firewalls include www.kerio.com, www.sygate.com and
> www.zonealarm.com. The Windows firewall that comes with Windows XP is good
> enough for most novice home users, but has a different feature set from
> those other firewalls.
>
>
>
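
A self-check that follows from the reply quoted above, added here as an example and not part of the original thread: it classifies how a TCP port on a machine you administer answers (open, closed, or silently filtered, i.e. "stealthed") and compares that result with an address allow list. The network 192.168.1.0/24 and all function names are assumptions made for illustration.

```python
import ipaddress
import socket


def classify_tcp_port(host, port, timeout=2.0):
    """Probe one TCP port on a machine you administer.

    open     - handshake completed: something is listening and reachable
    closed   - the host answered with a reset (connection refused)
    filtered - no answer or an ICMP error: the "stealth" behaviour
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout and host/network unreachable
        return "filtered"
    finally:
        sock.close()


def source_is_allowed(source_ip, allowed_networks):
    """True if source_ip falls inside one of the networks the rule permits."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(net) for net in allowed_networks)


def rule_holds(observed, source_ip, allowed_networks):
    """Compare a probe result with what the allow list should produce.

    From a permitted source the port should be open. From anywhere else,
    'closed' and 'filtered' are equally acceptable: both deny access, and
    they differ only in whether the host sends a reply.
    """
    if source_is_allowed(source_ip, allowed_networks):
        return observed == "open"
    return observed in ("closed", "filtered")


if __name__ == "__main__":
    LAN = ["192.168.1.0/24"]  # constructed example network (assumption)
    state = classify_tcp_port("127.0.0.1", 135, timeout=1.0)
    print("TCP 135 on this host:", state)
    print("consistent with a LAN-only rule:", rule_holds(state, "192.168.1.20", LAN))
```

Run the probe once from a machine on the local network and once from an outside address you control, passing each machine's own source address to `rule_holds`.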