[Dshield] DCOM VPN Question
Johannes B. Ullrich
jullrich at sans.org
Wed Aug 13 18:41:22 GMT 2003
This message was converted from multipart/signed to ascii armored
-----BEGIN PGP SIGNED MESSAGE-----
first time I hear this. I was under the impression, that people use VPNs
to allow access to port 135 without having to open the firewall. Of
issue of expanded perimeter comes to mind :-/.
So far, the most frequently cited use of port 135 is for Outlook to
connect to Exchange. Some Exchange admin functions, and some MSSQL
functions require port 135 as well.
On Wed, 2003-08-13 at 14:54, Jon R. Kibler wrote:
> I just had an interesting conversation with a network security person that was having problems blocking the ports used by the DCOM worm. They indicated that they had tried to block 135/TCP on their border router, but clients running Microsoft VPN started complaining because they could not connect.
> It appears that Microsoft VPN uses 135/TCP for RPC services used to establish a VPN connections. Is anyone familiar with this issue? What if anything is the solution to this problem? It is my understanding that these clients have no choice but to use Microsoft VPN.
> Feedback (other than slamming Microsoft!) please!
> Jon R. Kibler
> A.S.E.T., Inc.
> Charleston, SC USA
> (843) 849-8214
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
SANS - Internet Storm Center
PGP Key: http://isc.sans.org/jullrich.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
9dp184TKUNYAxZcR4U0lI2I-----END PGP SIGNATURE-----
More information about the list