Re: DCOM

From: Dan (Dan_at_discussions.microsoft.com)
Date: 06/07/05


Date: Tue, 7 Jun 2005 14:38:01 -0700

A little help again: I used the tools, and now when I restarted, some of the
ports are closed and some appear to be open. Do you know what happened? Now
more than one port is open and a lot are revealed.

"Karl Levinson, mvp" wrote:

> Well, for home users, blocking port 135 via a firewall is as secure as
> stealthing it. I suspect you were using the GRC.com scanner, which makes
> you think you are less secure if you are only blocking a port and not
> stealthing it. I feel this is not true for most home users. Having said
> all that, using a firewall to *block* TCP and UDP ports 135 from being
> reached from the Internet *is* a very good idea.
>
> And DCOM is only one of the vulnerabilities that can be reached via TCP 135.
> True, it is one of the more commonly exploited vulnerabilities, but as long
> as you have at least the MS03-026 patch from mid-2003 installed, you are
> immune to the known DCOM vulnerabilities being exploited. Disabling DCOM
> won't cause TCP or UDP 135 to be stealthed or blocked, because the RPC
> endpoint mapper is the service that is really listening on those ports. RPC
> acts as a conduit for accessing DCOM and various other RPC applications.
> The reason for considering disabling DCOM or RPC would be to protect you
> from possible future vulnerabilities that are unknown today, IF you are sure
> you are not using DCOM or RPC. Most people do not take this step. Most
> people also don't know whether they are using DCOM or RPC or might need it
> in the future. I don't have DCOM or RPC disabled on my computers, but I do
> have a firewall to block Internet access to these ports. This is a fairly
> common security posture.
>
>
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:032B9E11-8762-4B40-9B90-2D1751F35FD1@microsoft.com...
> > So you're saying there's no point to disable DCOM as long as I know what IP
> > address to allow and deny access to port 135 with my firewall.
> >
> > And you're saying stealthing port 135 is overrated.
> >
> >
> > "Karl Levinson, mvp" wrote:
> >
> > >
> > > "Dan" <Dan@discussions.microsoft.com> wrote in message
> > > news:068AF04B-D29D-496C-8A73-443393570E91@microsoft.com...
> > > > Is it necessary to disable DCOM with XP SP 2? And when I do will I be able to
> > > > stealth port 135 with a firewall?
> > >
> > > You can stealth 135 with a firewall right now, whether or not you disable
> > > DCOM, and XP SP2 has little to do with either one. Disabling DCOM doesn't
> > > change the fact that TCP and UDP ports 135 are listening, as those ports are
> > > used by RPC and not DCOM. [You can access DCOM via RPC and 135, but DCOM is
> > > just one of the ports that use the RPC endpoint mapper.]
> > >
> > > Stealthing a port is highly overrated. An attacker will usually know there
> > > is a computer there and be able to gain information from the responses or
> > > lack thereof. What the firewall is really useful for in this case is
> > > controlling what IP addresses can access your TCP and UDP ports 135. For
> > > example, you can allow computers on your local network to access those ports
> > > while denying systems on the Internet access to them.
> > >
> > > XP SP2 is highly recommended as it increases your security in a significant
> > > number of ways. Free firewalls include www.kerio.com, www.sygate.com and
> > > www.zonealarm.com. The Windows firewall that comes with Windows XP is good
> > > enough for most novice home users, but has a different feature set from
> > > those other firewalls.
> > >
> > >
> > >
>
>
>
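The posture Karl recommends (TCP/UDP 135 reachable from the local network, not from the Internet, with the RPC endpoint mapper still listening) written out as a firewall configuration plus an audit of the rules that open 135. This is an added example, not part of the thread; it assumes Windows 8 / Server 2012 or later with the NetSecurity PowerShell cmdlets, which the XP-era Windows Firewall discussed above did not have.

```powershell
# Added example (not from the thread). Requires Windows 8 / Server 2012 or later
# (NetSecurity module) and an elevated PowerShell session.

# 1. Show what is really listening on 135: the RPC endpoint mapper service,
#    hosted in an svchost process. Disabling DCOM does not remove this listener.
$listen = Get-NetTCPConnection -LocalPort 135 -State Listen | Select-Object -First 1
$hosted = Get-CimInstance Win32_Service -Filter "ProcessId = $($listen.OwningProcess)" |
          Select-Object -ExpandProperty Name
"TCP 135 is owned by PID $($listen.OwningProcess), hosting services: $($hosted -join ', ')"
# Expect RpcEptMapper to appear in that list.

# 2. Default-deny inbound on every profile. Windows evaluates Block rules before
#    Allow rules, so the LAN restriction belongs in the Allow rule's RemoteAddress,
#    not in a separate "block Any" rule (which would cut off the LAN as well).
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

foreach ($proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "RPC endpoint mapper ($proto 135) - local subnet only" `
        -Direction Inbound -Protocol $proto -LocalPort 135 `
        -RemoteAddress LocalSubnet -Action Allow -Profile Any | Out-Null
}

# 3. Audit: every enabled inbound Allow rule that opens 135, including built-in
#    rules that use the RPCEPMap keyword instead of the literal port number, and
#    flag any whose RemoteAddress is 'Any' (i.e. reachable from the Internet).
Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -eq '135' -or $_.LocalPort -eq 'RPCEPMap' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = $remote
            ExposedToAny  = ($remote -eq 'Any')
        }
    } | Format-Table -AutoSize
```

Any row with ExposedToAny set to True is a rule (often a built-in one enabled by some Windows feature) that re-opens 135 to every remote address and should be disabled or scoped to LocalSubnet.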