DCOM

Guest

Is it necessary to disable DCOM with XP SP 2? And when I do will I be able to
stealth port 135 with a firewall?
 
Dan said:
Is it necessary to disable DCOM with XP SP 2? And when I do will I be able to
stealth port 135 with a firewall?

You can stealth 135 with a firewall right now, whether or not you disable
DCOM, and XP SP2 has little to do with either one. Disabling DCOM doesn't
change the fact that TCP and UDP ports 135 are listening, as those ports are
used by RPC and not DCOM. [You can access DCOM via RPC and 135, but DCOM is
just one of the ports that use the RPC endpoint mapper.]

Stealthing a port is highly overrated. An attacker will usually know there
is a computer there and be able to gain information from the responses or
lack thereof. What the firewall is really useful for in this case is
controlling what IP addresses can access your TCP and UDP ports 135. For
example, you can allow computers on your local network to access those ports
while denying access to systems on the Internet from accessing it.

XP SP2 is highly recommended as it increases your security in a significant
number of ways. Free firewalls include www.kerio.com, www.sygate.com and
www.zonealarm.com. The Windows firewall that comes with Windows XP is good
enough for most novice home users, but has a different feature set from
those other firewalls.
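
The reply above distinguishes a port that answers, a port that is blocked and a port that is "stealthed". The following is an added example, not part of the original thread, that classifies those three states for one TCP port as seen from wherever the script runs; the function names are hypothetical, and the loopback demo is constructed so it runs offline.

```python
import socket


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port from this vantage point.

    open     - the handshake completed: a service is listening and reachable
    closed   - the host answered with a reset (connection refused)
    filtered - no usable answer before the timeout ("stealth" in scanner terms)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and ICMP unreachable errors
        return "filtered"
    finally:
        sock.close()


def internet_side_verdict(state):
    # Following the reply's view: seen from an outside address, only "open"
    # means the service is reachable; "closed" and "filtered" are both blocked.
    return "exposed" if state == "open" else "blocked"


def loopback_demo():
    """Constructed demo: one listening port and one unused port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0 = let the OS pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # nothing listens here any more, so connects are reset

    try:
        return (probe_tcp("127.0.0.1", open_port),
                probe_tcp("127.0.0.1", closed_port))
    finally:
        listener.close()


if __name__ == "__main__":
    print(loopback_demo())
```

Run `probe_tcp` against your own machine's port 135 once from a host on the local network and once from an outside address: the firewall policy described above should give "open" from the first and "closed" or "filtered" from the second.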
 
So you're saying there's no point to disable DCOM as long as I know what IP
address to allow and deny access to port 135 with my firewall.

And you're saying stealthing port 135 is overrated.


Karl Levinson said:
Dan said:
Is it necessary to disable DCOM with XP SP 2? And when I do will I be able to
stealth port 135 with a firewall?

You can stealth 135 with a firewall right now, whether or not you disable
DCOM, and XP SP2 has little to do with either one. Disabling DCOM doesn't
change the fact that TCP and UDP ports 135 are listening, as those ports are
used by RPC and not DCOM. [You can access DCOM via RPC and 135, but DCOM is
just one of the ports that use the RPC endpoint mapper.]

Stealthing a port is highly overrated. An attacker will usually know there
is a computer there and be able to gain information from the responses or
lack thereof. What the firewall is really useful for in this case is
controlling what IP addresses can access your TCP and UDP ports 135. For
example, you can allow computers on your local network to access those ports
while denying access to systems on the Internet from accessing it.

XP SP2 is highly recommended as it increases your security in a significant
number of ways. Free firewalls include www.kerio.com, www.sygate.com and
www.zonealarm.com. The Windows firewall that comes with Windows XP is good
enough for most novice home users, but has a different feature set from
those other firewalls.
 
I did a scan on my ports and 135 was the only one open. Are there any security
risks with port 135 being open as long as I have a firewall? If not what
should I do?


Dan said:
So you're saying there's no point to disable DCOM as long as I know what IP
address to allow and deny access to port 135 with my firewall.

And you're saying stealthing port 135 is overrated.


 
Well, if your computer requires port 135 be open for some application
reason, then leaving the service running and blocking it via a firewall is
the best security you will be able to manage. You could disable the various
RPC services and see if anything breaks, and if it does, re-enable those
services. I believe there are lists on the Internet of some of the apps
that might break if you stop the RPC services, somewhere in Google.

You can also download the Blaster / RPC mitigation ipsec tools from
www.microsoft.com/downloads. This will let you enable IPSec filtering to
block that port. This will let you continue to use RPC locally, but no one
else remotely will be able to access that port, including your Internet
vulnerability scan test. You can also set up a firewall to do this same
thing.


Dan said:
I did a scan on my ports and 135 was the only one open. Are there any security
risks with port 135 being open as long as I have a firewall? If not what
should I do?


 
Well, for home users, blocking port 135 via a firewall is as secure as
stealthing it. I suspect you were using the GRC.com scanner, which makes
you think you are less secure if you are only blocking a port and not
stealthing it. I feel this is not true for most home users. Having said
all that, using a firewall to *block* TCP and UDP ports 135 from being
reached from the Internet *is* a very good idea.

And DCOM is only one of the vulnerabilities that can be reached via TCP 135.
True, it is one of the more commonly exploited vulnerabilities, but as long
as you have at least the MS03-026 patch from mid-2003 installed, you are
immune to the known DCOM vulnerabilities being exploited. Disabling DCOM
won't cause TCP or UDP 135 to be stealthed or blocked, because the RPC
endpoint mapper is the service that is really listening on those ports. RPC
acts as a conduit for accessing DCOM and various other RPC applications.
The reason for considering disabling DCOM or RPC would be to protect you
from possible future vulnerabilities that are unknown today, IF you are sure
you are not using DCOM or RPC. Most people do not take this step. Most
people also don't know whether they are using DCOM or RPC or might need it
in the future. I don't have DCOM or RPC disabled on my computers, but I do
have a firewall to block Internet access to these ports. This is a fairly
common security posture.



Dan said:
So you're saying there's no point to disable DCOM as long as I know what IP
address to allow and deny access to port 135 with my firewall.

And you're saying stealthing port 135 is overrated.


 
A little help again. I used the tools, and now that I have restarted, some of the
ports are closed and some appear to be open. Do you know what happened? Now
more than one port is open and a lot are revealed.


Karl Levinson said:
Well, for home users, blocking port 135 via a firewall is as secure as
stealthing it. I suspect you were using the GRC.com scanner, which makes
you think you are less secure if you are only blocking a port and not
stealthing it. I feel this is not true for most home users. Having said
all that, using a firewall to *block* TCP and UDP ports 135 from being
reached from the Internet *is* a very good idea.

And DCOM is only one of the vulnerabilities that can be reached via TCP 135.
True, it is one of the more commonly exploited vulnerabilities, but as long
as you have at least the MS03-026 patch from mid-2003 installed, you are
immune to the known DCOM vulnerabilities being exploited. Disabling DCOM
won't cause TCP or UDP 135 to be stealthed or blocked, because the RPC
endpoint mapper is the service that is really listening on those ports. RPC
acts as a conduit for accessing DCOM and various other RPC applications.
The reason for considering disabling DCOM or RPC would be to protect you
from possible future vulnerabilities that are unknown today, IF you are sure
you are not using DCOM or RPC. Most people do not take this step. Most
people also don't know whether they are using DCOM or RPC or might need it
in the future. I don't have DCOM or RPC disabled on my computers, but I do
have a firewall to block Internet access to these ports. This is a fairly
common security posture.



 