[Dshield] DCOM VPN Question

andy.n.willson@exxonmobil.com andy.n.willson at exxonmobil.com
Wed Aug 13 19:48:40 GMT 2003


Some good info on ports...especially the 135 port - referred to as the
"end-point mapper" which is required for basics like VPN and Exchange.

http://www.iss.net/security_center/advice/Exploits/Ports/groups/Microsoft/default.htm




Andy



                                                                                                                                        
                      "Darren Gasser"                                                                                                   
                      <kaos at earthlink.ne        To:      "General DShield Discussion List" <list at dshield.org>                           
                      t>                        cc:                                                                                     
                      Sent by:                  Subject:       Re: [Dshield] DCOM VPN Question                                          
                      list-bounces at dshie                                                                                                
                      ld.org                                                                                                            
                                                                                                                                        
                                                                                                                                        
                                                                                                                                        
                      08/13/03 01:08 PM                                                                                                 
                      Please respond to                                                                                                 
                      General DShield                                                                                                   
                      Discussion List                                                                                                   
                                                                                                                                        
                                                                                                                                        



Jon R. Kibler wrote:
> Greetings:
>
> I just had an interesting conversation with a network security person
> that was having problems blocking the ports used by the DCOM worm.
> They indicated that they had tried to block 135/TCP on their border
> router, but clients running Microsoft VPN started complaining because
> they could not connect.
>
> It appears that Microsoft VPN uses 135/TCP for RPC services used to
> establish a VPN connections. Is anyone familiar with this issue? What
> if anything is the solution to this problem? It is my understanding
> that these clients have no choice but to use Microsoft VPN.

I'm not sure what you mean by "Microsoft VPN, " as MS has built-in support
for at least two entirely different VPN schemes (IPSec/L2TP and PPTP).

Neither of these requires TCP port 135 to be open, however.  PPTP tunnels
(the more common VPN type used with MS OSes) only require TCP port 1723 and
IP protocol 47 (GRE).  IPsec has different requirements depending on your
exact config, but I've never seen TCP 135 as one of them.

-Darren

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list







More information about the list mailing list