Just a thought about port 135

Discussion in 'other firewalls' started by FireDancer, Aug 24, 2003.

Thread Status:
Not open for further replies.
  1. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Hi All,

    I am still in the process of learning..(aren't we all?) LOL.. anyways I am rapidly learning all about my firewall and router thanks to Wilders :). I posted a while back on port 113 as I had done a scan at WWW.GRC.COM.. nice work by the way... and all my ports came up stealthed but port 113 it showed just closed.

    So, I asked the big question...WHY? The responces I got back from CrazyM and BltzenZues were that closed was just as good as stealthed, and there was really no reason to worry or start writing rules for the port as it was not needed. CrazyM then made the suggestion to me to look into my router config (LinkSys 4 port) under the advance>forwarding and there it was that I could
    direct port 113 to a non existant ip and that would stealth it instead of showing it just closed. Worked out nicley too it now shows stealth at GRC :)

    With all this HOOPLA on the internet latley with port 135
    even though my port 135 is stealthed could I infact forward the port 135 as I did with 113 as a added layer of protection? Or is this really not necessary? Just a thought. Any comments or ideas on this thought would be greatly appreciated.

    Best Wishes,
    FireDancer
     
  2. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    If you want to make any rule for that, many people make rules to block local, incoming, to 135-139 TCP and UDP in their software firewall rules.
    Nothing gained by forwarding 135 with your router.
     
  3. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi FireDancer

    It would not add anything in the way of security.
    Ideally you should let your router deal with any unsolicited inbound connection attempts and packets. No point forwarding anything through unless you have to.

    Regards,

    CrazyM
     
  4. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Hi Root and CrazyM,

    hope you are both having a great weekend :) I have rules for 137-139 allready and really dont feel the need to make any more as I do not use networking on my puter..allthough I might some day :). Port 135 as of right now is stealthed and I belive that All un soliceted packets will be ignored :). I belive if I read right that this worm is only affecting win 2000/XP/ect I am curently running WIN98SE and dont belive I have to worry about it.

    My thinking was that by forwarding the traffic it might add a layer of protection on top of the stealth. I guess my thinking was way off :) I am sorry if my thoughts seemed or are in some shape of ignorance. I was thinking that if a packet was solicited to 135 you might be able to dodge a possible attack by re directing or forwarding the inbound traffic to that port. Thanks for setting me straight. I am very secure at the moment and thank all you for making that possible.

    I still continue to pick at the brains of my superiors as it serves me well.. consider your selfs superiors :) all of you here at Wilders are great thanks much.

    Best Wishes,
    FireDancer
     
  5. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    speaking of port 135, you might want to block incoming traffic on port 135 UDP as well, as it is used by MS Messenger Service...
    Dolf
     
  6. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Hi Dolf,

    Thanks for the suggestion...allthough I allread have a Block ALL Lower ports rule 1-1023 :D

    FireDancer :cool:
     
Loading...
Thread Status:
Not open for further replies.