[Dshield] DCOM VPN Question

Johannes B. Ullrich jullrich at sans.org
Wed Aug 13 18:41:22 GMT 2003


This message was converted from multipart/signed to ascii armored
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


first time I hear this. I was under the impression, that people use VPNs
to allow access to port 135 without having to open the firewall. Of
course, the
issue of expanded perimeter comes to mind :-/.

So far, the most frequently cited use of port 135 is for Outlook to
connect to Exchange. Some Exchange admin functions, and some MSSQL
functions require port 135 as well.

On Wed, 2003-08-13 at 14:54, Jon R. Kibler wrote:
> Greetings:
> 
> I just had an interesting conversation with a network security person that was having problems blocking the ports used by the DCOM worm. They indicated that they had tried to block 135/TCP on their border router, but clients running Microsoft VPN started complaining because they could not connect. 
> 
> It appears that Microsoft VPN uses 135/TCP for RPC services used to establish a VPN connections. Is anyone familiar with this issue? What if anything is the solution to this problem? It is my understanding that these clients have no choice but to use Microsoft VPN.
> 
> Feedback (other than slamming Microsoft!) please!
> 
> Jon R. Kibler
> A.S.E.T., Inc.
> Charleston, SC  USA
> (843) 849-8214
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
-- 
SANS - Internet Storm Center
http://isc.sans.org
PGP Key: http://isc.sans.org/jullrich.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/OoZRR1p7hYJvB/wRAocsAJ4+cKeZJz3kUrbrJozpauiaZhunQQCeN8by
9dp184TKUNYAxZcR4U0lI2I-----END PGP SIGNATURE-----

--
SHA1



More information about the list mailing list