[Dshield] DCOM VPN Question

Fitton, Robert (Bob) Rfitton at laborready.com
Wed Aug 13 19:05:42 GMT 2003


If by Microsoft VPN, he means PPTP, then TCP/135 is not needed to establish that connection.  TCP 1723 and GRE protocol (IP protocol 47) are used.  Perhaps his router is ALSO his tunnel endpoint, and he is blocking the TCP/135 after it comes through the tunnel?

Bob Fitton, Network Specialist
Labor Ready, Inc.
Tacoma, WA 98401


>-----Original Message-----
>From: Jon R. Kibler [mailto:Jon.Kibler at aset.com]
>Sent: Wednesday, August 13, 2003 11:55 AM
>To: list at dshield.org
>Subject: [Dshield] DCOM VPN Question
>
>
>Greetings:
>
>I just had an interesting conversation with a network security 
>person that was having problems blocking the ports used by the 
>DCOM worm. They indicated that they had tried to block 135/TCP 
>on their border router, but clients running Microsoft VPN 
>started complaining because they could not connect. 
>
>It appears that Microsoft VPN uses 135/TCP for RPC services 
>used to establish a VPN connections. Is anyone familiar with 
>this issue? What if anything is the solution to this problem? 
>It is my understanding that these clients have no choice but 
>to use Microsoft VPN.
>
>Feedback (other than slamming Microsoft!) please!
>
>Jon R. Kibler
>A.S.E.T., Inc.
>Charleston, SC  USA
>(843) 849-8214
>
>_______________________________________________
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see: 
>http://www.dshield.org/mailman/listinfo/list
>




More information about the list mailing list