[Dshield] DCOM VPN Question

Johannes B. Ullrich jullrich at sans.org
Wed Aug 13 18:41:22 GMT 2003

This message was converted from multipart/signed to ascii armored
Hash: SHA1

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

first time I hear this. I was under the impression, that people use VPNs
to allow access to port 135 without having to open the firewall. Of
course, the
issue of expanded perimeter comes to mind :-/.

So far, the most frequently cited use of port 135 is for Outlook to
connect to Exchange. Some Exchange admin functions, and some MSSQL
functions require port 135 as well.

On Wed, 2003-08-13 at 14:54, Jon R. Kibler wrote:
> Greetings:
> I just had an interesting conversation with a network security person that was having problems blocking the ports used by the DCOM worm. They indicated that they had tried to block 135/TCP on their border router, but clients running Microsoft VPN started complaining because they could not connect. 
> It appears that Microsoft VPN uses 135/TCP for RPC services used to establish a VPN connections. Is anyone familiar with this issue? What if anything is the solution to this problem? It is my understanding that these clients have no choice but to use Microsoft VPN.
> Feedback (other than slamming Microsoft!) please!
> Jon R. Kibler
> A.S.E.T., Inc.
> Charleston, SC  USA
> (843) 849-8214
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
SANS - Internet Storm Center
PGP Key: http://isc.sans.org/jullrich.txt

Version: GnuPG v1.2.1 (GNU/Linux)



More information about the list mailing list