ZA(F), and Dist. Com Services(?)

Discussion in 'other firewalls' started by SG1, Sep 19, 2003.

Thread Status:
Not open for further replies.
  1. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    Now & then ZAF (v2.6.231) tells me that Distributed Com Services (v4.71.2900) is listening on two ports, & not always the same ports. Read article recently on the Web that said Dist. Com Services isn't generally considered an "evil empire" operation nor is it generally used against one's PC, but...
    Dist. Com Services (Rpcss.exe) seems to go its own way, no matter how I instruct ZA to handle it. So, I just wondered in general, what is this Dist. Com. thing doing, exactly - anyone know?
    Thanks for any info, SG1 (Pat)
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Hi SG1,

    Here's a GRC page that describes DCOM in general, and is also rather timely given some of the current exploits that are being targeted. There is a tool there that allows you to disable it, if you'd like.

    http://grc.com/dcom/

    You certainly can block this with ZAF... However, don't confuse blocking unsolicited inbound connections to port(s) related to RPC and DCOM with the fact that the service will still be listening locally on your system. The firewall can protect you from people outside trying to connect to those ports, but, they'll still be there, open locally on your system, and that's okay.

    You can disable or leave it all enabled & firewalled, and still be secure.
     
  3. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,452
    Location:
    North Carolina, USA
    Hi SG1,

    I agree with LWM about using the program at GRC...

    A bit more info from http://www.pacs-portal.co.uk/

    Remote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see herehttp://www.cexx.org/rpc.htm

    If you are on an NT based OS, you do not want to disable rpcss.exe. I would use gibson's DCOMbobulator to disable the expoloits....

    HTH...

    Regards,
    Kent
     
Loading...
Thread Status:
Not open for further replies.