Security Basics mailing list archives
RCP open! Yikes! What to do?
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Wed, 18 Sep 2013 11:14:29 -0700
Hi All, How do I close MSRPC (remote proceedure call) ports Om Windows 7? These a Remote Procediure Call (RPC), which to me means ports and services for bad guys to use. Open RPC scare me. The is Kaspersky End Point Security 10.1.0.867 with its firewall activated on Windows 7, 64 bit. This Windows macine a Virtual Machine (KVM) sitting on the RHEL host's local network. nmap was run from the host: Many thanks, -T # nmap --reason 192.168.255.112 Starting Nmap 6.25 ( http://nmap.org ) at 2013-09-16 19:42 PDT Nmap scan report for KVM-W7.xxx.local (192.168.255.112) Host is up, received arp-response (0.00044s latency). Not shown: 989 closed ports Reason: 989 resets PORT STATE SERVICE REASON 135/tcp open msrpc syn-ack 139/tcp open netbios-ssn syn-ack 445/tcp open microsoft-ds syn-ack 1110/tcp filtered nfsd-status no-response 5357/tcp open wsdapi syn-ack 49152/tcp open unknown syn-ack 49153/tcp open unknown syn-ack 49154/tcp open unknown syn-ack 49155/tcp open unknown syn-ack 49156/tcp open unknown syn-ack 49157/tcp open unknown syn-ack The high ports are msrps ports:Reference: http://serverfault.com/questions/526607/what-is-msrpc-needed-for-on-a-windows-7-workstation
Port Serv Process name 49152, msrpc [wininit.exe] 49153, msrpc [svchost.exe, Eventlog] 49154, msrpc [svchost.exe, Schedule] 49155, msrpc [lsass.exe] 49157, msrpc [services.exe] 49159, msrpc [svchost.exe, PolicyAgent] -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Computers are like air conditioners. They malfunction when you open windows ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- RCP open! Yikes! What to do? ToddAndMargo (Sep 18)
- Re: RCP open! Yikes! What to do? Ansgar Wiechers (Sep 19)
- Message not available
- Re: RCP open! Yikes! What to do? Ansgar Wiechers (Sep 19)
- Message not available
- Re: RCP open! Yikes! What to do? Ansgar Wiechers (Sep 19)