Security Basics mailing list archives
RE: WARNING! -- RPC ports on Win2k
From: LordInfidel <LordInfidel () Directionweb com>
Date: Wed, 26 Nov 2003 09:18:27 -0500
Just so everyone is clear on this: if you are working in a domain or workgroup environment and want to share files between systems via MS's sharing mechanism, then you cannot remove "client for ms networks" and "MS file and print sharing" (which effectively turns off RPC <135-139 and 445>). However, these ports should *NEVER* be allowed inbound or outbound thru a firewall.

Next, I heard someone talk about IIS and its reliance on it; this is not true. However, if your IIS server is multihomed with a front end interface (insecure internet facing, aka public) and a back end interface (pvt netwk to connect to other back end servers), then you cannot uninstall the 2 services; by doing so you remove them from all network adapters. Instead you simply unbind the services from the public interface (uncheck the pretty boxes).

On the flip side, if the srvr or wkstn is a standalone host, that is, it does not need to contact other MS machines for files or conduct domain level authentication, then you can safely remove the 2 services bound from your network adapter and still operate without any repercussions on the local machine.

No machine on the public net, without a firewall in front of it to protect it, should have RPC ports listening, POINT BLANK!

LordInfidel

-----Original Message-----
From: H. Nachtwandler [mailto:sleepwalker () saintly com]
Sent: Tuesday, November 25, 2003 12:16 PM
To: compjma () hotmail com
Cc: security-basics () securityfocus com
Subject: WARNING! -- RPC ports on Win2k

Do not disable RPC service. Doing so will give you a bad afternoon, as I discovered the hard way. Viz. -- http://www.blackviper.com/WIN2K/win2kservice411.htm#Remote_Procedure_Call_(RPC)

----- Original Message -----
From: -----
Date: Tue, 25 Nov 2003 12:07:48 -0500
To: <sleepwalker () saintly com>
Subject: FW: RPC ports on Win2k

-----Original Message-----
From: Chris Berry [mailto:compjma () hotmail com]
Sent: Monday, 24 November 2003 17:52
To: security-basics () securityfocus com
Subject: Re: RPC ports on Win2k

From: DIEGO PROTTA CASATI/6175/012/Graduacao <diego-casati () inatel br>

I was wondering if anyone knows how to close the RPC ports on a Win2k box. Someone told me that it was possible. Anyone?

Well, you could turn off the rpc service, enable tcp/ip filtering, and/or use a firewall.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"The ability to destroy a planet is insignificant next to the power of the Force." --Darth Vader
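
Added example, not part of the original thread: a Python check for the condition the reply above describes, reading `netstat -an` output from a multihomed host and reporting any listener on ports 135-139 or 445 that is bound to the public interface or to the wildcard address. The sample output, the addresses and the name `exposed_listeners` are constructed for illustration.

```python
import ipaddress

# Ports the thread says must never be reachable from the public side.
RPC_SMB_PORTS = set(range(135, 140)) | {445}

# Constructed `netstat -an` output from a hypothetical multihomed host:
# 203.0.113.10 is the public interface, 10.0.0.5 the back-end interface.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:445           0.0.0.0:0              LISTENING
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.10:3389      198.51.100.7:51515     ESTABLISHED
  UDP    203.0.113.10:137       *:*
  UDP    10.0.0.5:138           *:*
"""

def exposed_listeners(netstat_text, public_ips):
    """Return sorted (proto, address, port) tuples for RPC/SMB sockets
    reachable on a public interface (bound to it or to the wildcard)."""
    public = {ipaddress.ip_address(ip) for ip in public_ips}
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank or unrelated row
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING ones are servers.
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue
        addr_text, _, port_text = local.rpartition(":")
        try:
            addr, port = ipaddress.ip_address(addr_text), int(port_text)
        except ValueError:
            continue  # malformed or non-numeric row
        if port not in RPC_SMB_PORTS:
            continue
        if addr.is_unspecified or addr in public:
            findings.add((proto, str(addr), port))
    return sorted(findings)

if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE_NETSTAT, ["203.0.113.10"]):
        print(f"{proto} {addr}:{port} is bound on the public side")
```

Listeners bound only to the back-end address (10.0.0.5 in the sample) are not reported, which matches the unbind-from-the-public-interface setup described in the reply.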
Current thread:
- WARNING! -- RPC ports on Win2k H. Nachtwandler (Nov 25)
- <Possible follow-ups>
- RE: WARNING! -- RPC ports on Win2k LordInfidel (Nov 26)