W2K and Port135

Discussion in 'other software & services' started by crockett, Jan 10, 2003.

Thread Status:
Not open for further replies.
  1. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    :) Hello guys; hope everyone is doing fine... Best wishes to all - may 2003 bring peace and (at least) some happiness to all this board's admins, members and visitors...

    A friend of mine has just bought a computer running on Windows 2000. W2K looks great, and I decided to take a tour on pcflank's testing site to see if the Norton PF on the machine was performing well.

    I ran the quick test which showed port 135 to be open. I then checked the pcflank's ports database to get some details, and this port seems to be used by "DCE Locator / Sun RPC Portmapper".

    I don't have any idea what it may be, perhaps some W2K feature which can be deactivated - if so how should I go about it ? Or is it a defect in the Norton firewall's defence system ? I know NPF may not be as excellent as KPF or LnS or Outpost or Sygate, but I don't have the heart to leave my pal's Registry messed up after deinstallation if I can somehow solve this Port135 problem in some other way...

    Can anyone help ? :D

    Rgds, Crockett :cool:
     
  2. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    I have never been able to kill port 135 on Win2k and keep my computer alive.
    I make it a standard practice to block local ports 135-139, TCP and UDP, in and out, period.
    You can search for DCOM, and port 135, on google and M$ and get all kinds of information, that has never helped me a bit. :D
     
  3. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Hi Root, thanks ;)

    Well, I guess I'll have to switch firewalls on the machine after all, since I ain't even sure blocking specific ports can be manually done on Norton PF... Stopped using it a long time ago.

    See you later, and hope everything's fine with you. :)

    Take care,

    Crockett :cool:
     
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Crockett

    Blocking specific ports/services can be done quite easily with NPF and port 135 inbound is usually blocked by default. Make sure your friend has security set to high. Then go in to the system wide portion of the rule set and check for a rule that will block inbound traffic to service/port 135. If there is not one there, you can easily create it. If you need specific help with this feel free to ask and let me know which version of NIS/NPF your friend is running.

    Regards,
    CrazyM
     
  5. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Hello CrazyM; sorry for being late...:)

    Thanks for the tip. I'll try to do as you suggested. Can't remember what the exact version is, I think it's NIS 2002 but I'll have to check it out.

    I remember ATGuard's rules could be accessed and updated manually - I guess it still can be done on the Norton/Symantec versions and that it may be what you're referring to...

    I'll come back and report on this as soon as I can.

    Rgds, Crockett :cool:
     
  6. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Hello again ;)

    CrazyM, I installed on my own pc a 2001 version of Norton Internet Security Family Edition to see how I could add/create firewall rules individually... I couldn't find the place to start... :p

    How should I go about it ?

    Thanks,

    Crockett :cool:
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Crockett

    With NIS2001, which I believe is v2.x, you should find your rules under advanced settings - firewall tab (unlike later versions which have the rules split into different sections). That is where you can manually add and/or customize existing rules.

    For some suggestions/ideas on customizing rules to get you started...

    Customizing Rules

    System Wide
    Global Permit/Block
    Application
    Final Block

    For specific help I would suggest posting in the Other Firewalls Forum and we can take it from there.

    Regards,
    CrazyM
     
  8. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Hi CrazyM;

    I finally managed to edit and create new firewall rules on NIS :D which, I must say, seems to run pretty well on my pal's win2k-equipped pc.

    Thanks for your precious help... :)

    Rgds, Crockett :cool:
     
  9. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Crockett

    Glad to hear all is going well with NIS. Here are some very useful utilities you might want to look at.

    AtGuardNISrules

    Log Viewer

    Regards,
    CrazyM
     
  10. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    I managed to kill port 135 on win2k. But it broke my computer badly (broke copy and paste functions in IE for example), took me awhile to recover even with various emergency boot disks.

    Although it is cool to do a netstat -an and see no listening ports, I wouldn't recommend it..
     
  11. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Hi JayK :)

    What do you mean by 'killing port 135' ? Which operation did you submit the OS to ?

    Do you mean you firewall-blocked the port just as Root suggested ? I hallucinate you probably didn't use a firewall since your signature-quotation suggests you don't use any ?! ("I need no stinking firewalls")

    Regards, Crockett :cool:
     
  12. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Basically on Win2k if you can close the RPC service, you will find that Win2k will not be listening on TCP 135. See

    http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html.fr
    if you want to try, but it was far too advanced for me (which isn't saying much since I'm a beginner). I managed to do it, but with adverse effects as noted before.

    Still it was good to close all the other ports like TCP 445 which is yet another Win2k speciality similar to the netbios port. Ironically, I found that I don't need TCP 445 for file sharing.

    >Do you mean you firewall-blocked the port just as Root suggested ?

    Nope. I managed to close the port. Firewalls are well and good, but if the firewall fails for some reason, you are vulnerable. Much better to make sure no application is listening on the port...

    Of course that does nothing for spyware calling out, but you can't have anything.

    >I hallucinate you probably didn't use a firewall since your signature-quotation suggests you don't use any ?! ("I need no stinking firewalls")

    Actually I use a firewall on my own computer (which is inside a small LAN) and have a very complicated firewall rule set with about 400 filters, about 350+ are for outbound known spyware ips http://www.geocities.com/yosponge/ to go with it.

    However, the computer running NAT is running with close to zero memory resident programs including NO firewalls, antivirus, anti-trojan, spyware guard etc mainly because other users would shut down whatever I ran because they felt it "slowed" them down. So I had to improvise.

    Win2k's ipsec packet filtering function works almost (but not quite) as well as a normal personal firewall. And it's almost 100% transparent and many users generally have no clue that it is working or how to shut it down. Also serves as a nice second firewall [Defence in depth right?] that is only closed if windows is closed :D

    http://www.analogx.com/contents/articles/ipsec.htm

    Still it sucks that the most vulnerable computer on the network is the least protected....
     
  13. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Hi JayK;

    Thanks for the specifics... Very interesting! :)

    Rgds, Crockett :cool:
     
  14. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    >Thanks for the specifics... Very interesting!

    Actually I lied. No point telling the whole world, how secure (or not) you are right?
     