G
Guest
Is it necessary to disable DCOM with XP SP 2? And when I do will I be able to
stealth port 135 with a firewall?
stealth port 135 with a firewall?
Dan said:Is it necessary to disable DCOM with XP SP 2? And when I do will I be able to
stealth port 135 with a firewall?
Karl Levinson said:Dan said:Is it necessary to disable DCOM with XP SP 2? And when I do will I be able to
stealth port 135 with a firewall?
You can stealth 135 with a firewall right now, whether or not you disable
DCOM, and XP SP2 has little to do with either one. Disabling DCOM doesn't
change the fact that TCP and UDP ports 135 are listening, as those ports are
used by RPC and not DCOM. [You can access DCOM via RPC and 135, but DCOM is
just one of the ports that use the RPC endpoint mapper.]
Stealthing a port is highly overrated. An attacker will usually know there
is a computer there and be able to gain information from the responses or
lack thereof. What the firewall is really useful for in this case is
controlling what IP addresses can access your TCP and UDP ports 135. For
example, you can allow computers on your local network to access those ports
while denying access to systems on the Internet from accessing it.
XP SP2 is highly recommended as it increases your security in a significant
number of ways. Free firewalls include www.kerio.com, www.sygate.com and
www.zonealarm.com The Windows firewall that comes with Windows XP is good
enough for most novice home users, but has a different feature set from
those other firewalls.
Dan said:So you're saying there's no point to disable DCOM as long as I know what IP
address to allow and deny access to port 135 with my firewall.
And you're saying stealthing port 135 is overrated.
Karl Levinson said:Dan said:Is it necessary to disable DCOM with XP SP 2? And when I do will I be able to
stealth port 135 with a firewall?
You can stealth 135 with a firewall right now, whether or not you disable
DCOM, and XP SP2 has little to do with either one. Disabling DCOM doesn't
change the fact that TCP and UDP ports 135 are listening, as those ports are
used by RPC and not DCOM. [You can access DCOM via RPC and 135, but DCOM is
just one of the ports that use the RPC endpoint mapper.]
Stealthing a port is highly overrated. An attacker will usually know there
is a computer there and be able to gain information from the responses or
lack thereof. What the firewall is really useful for in this case is
controlling what IP addresses can access your TCP and UDP ports 135. For
example, you can allow computers on your local network to access those ports
while denying access to systems on the Internet from accessing it.
XP SP2 is highly recommended as it increases your security in a significant
number of ways. Free firewalls include www.kerio.com, www.sygate.com and
www.zonealarm.com The Windows firewall that comes with Windows XP is good
enough for most novice home users, but has a different feature set from
those other firewalls.
Dan said:I did a scan on my ports and 135 was the only one open. Is there any security
risks with port 135 being open as long as I have a firewall? If not what
should I do?
Dan said:So you're saying there's no point to disable DCOM as long as I know what IP
address to allow and deny access to port 135 with my firewall.
And you're saying stealthing port 135 is overrated.
Karl Levinson said:Is it necessary to disable DCOM with XP SP 2? And when I do will I be able
to
stealth port 135 with a firewall?
You can stealth 135 with a firewall right now, whether or not you disable
DCOM, and XP SP2 has little to do with either one. Disabling DCOM doesn't
change the fact that TCP and UDP ports 135 are listening, as those ports are
used by RPC and not DCOM. [You can access DCOM via RPC and 135, but DCOM is
just one of the ports that use the RPC endpoint mapper.]
Stealthing a port is highly overrated. An attacker will usually know there
is a computer there and be able to gain information from the responses or
lack thereof. What the firewall is really useful for in this case is
controlling what IP addresses can access your TCP and UDP ports 135. For
example, you can allow computers on your local network to access those ports
while denying access to systems on the Internet from accessing it.
XP SP2 is highly recommended as it increases your security in a significant
number of ways. Free firewalls include www.kerio.com, www.sygate.com and
www.zonealarm.com The Windows firewall that comes with Windows XP is good
enough for most novice home users, but has a different feature set from
those other firewalls.
Dan said:So you're saying there's no point to disable DCOM as long as I know what IP
address to allow and deny access to port 135 with my firewall.
And you're saying stealthing port 135 is overrated.
Karl Levinson said:ableDan said:Is it necessary to disable DCOM with XP SP 2? And when I do will I be
tostealth port 135 with a firewall?
You can stealth 135 with a firewall right now, whether or not you disable
DCOM, and XP SP2 has little to do with either one. Disabling DCOM doesn't
change the fact that TCP and UDP ports 135 are listening, as those ports are
used by RPC and not DCOM. [You can access DCOM via RPC and 135, but DCOM is
just one of the ports that use the RPC endpoint mapper.]
Stealthing a port is highly overrated. An attacker will usually know there
is a computer there and be able to gain information from the responses or
lack thereof. What the firewall is really useful for in this case is
controlling what IP addresses can access your TCP and UDP ports 135. For
example, you can allow computers on your local network to access those ports
while denying access to systems on the Internet from accessing it.
XP SP2 is highly recommended as it increases your security in a significant
number of ways. Free firewalls include www.kerio.com, www.sygate.com and
www.zonealarm.com The Windows firewall that comes with Windows XP is good
enough for most novice home users, but has a different feature set from
those other firewalls.
Karl Levinson said:Well, for home users, blocking port 135 via a firewall is as secure as
stealthing it. I suspect you were using the GRC.com scanner, which makes
you think you are less secure if you are only blocking a port and not
stealthing it. I feel this is not true for most home users. Having said
all that, using a firewall to *block* TCP and UDP ports 135 from being
reached from the Internet *is* a very good idea.
And DCOM is only one of the vulnerabilities that can be reached via TCP 135.
True, it is one of the more commonly exploited vulnerabilities, but as long
as you have at least the MS03-026 patch from mid-2003 installed, you are
immune to the known DCOM vulnerabilities being exploited. Disabling DCOM
won't cause TCP or UDP 135 to be stealthed or blocked, because the RPC
endpoint mapper is the service that is really listening on those ports. RPC
acts as a conduit for accessing DCOM and various other RPC applications.
The reason for considering disabling DCOM or RPC would be to protect you
from possible future vulnerabilities that are unknown today, IF you are sure
you are not using DCOM or RPC. Most people do not take this step. Most
people also don't know whether they are using DCOM or RPC or might need it
in the future. I don't have DCOM or RPC disabled on my computers, but I do
have a firewall to block Internet access to these ports. This is a fairly
common security posture.
Dan said:So you're saying there's no point to disable DCOM as long as I know what IP
address to allow and deny access to port 135 with my firewall.
And you're saying stealthing port 135 is overrated.
Karl Levinson said:Is it necessary to disable DCOM with XP SP 2? And when I do will I be able
to
stealth port 135 with a firewall?
You can stealth 135 with a firewall right now, whether or not you disable
DCOM, and XP SP2 has little to do with either one. Disabling DCOM doesn't
change the fact that TCP and UDP ports 135 are listening, as those ports are
used by RPC and not DCOM. [You can access DCOM via RPC and 135, but DCOM is
just one of the ports that use the RPC endpoint mapper.]
Stealthing a port is highly overrated. An attacker will usually know there
is a computer there and be able to gain information from the responses or
lack thereof. What the firewall is really useful for in this case is
controlling what IP addresses can access your TCP and UDP ports 135. For
example, you can allow computers on your local network to access those ports
while denying access to systems on the Internet from accessing it.
XP SP2 is highly recommended as it increases your security in a significant
number of ways. Free firewalls include www.kerio.com, www.sygate.com and
www.zonealarm.com The Windows firewall that comes with Windows XP is good
enough for most novice home users, but has a different feature set from
those other firewalls.