[Dshield] DCOM VPN Question

andy.n.willson@exxonmobil.com andy.n.willson at exxonmobil.com
Wed Aug 13 20:17:44 GMT 2003


Very bottom of the webpage under the "Other" category, which still points
back to 135



Andy


                                                                                                                                        
                      "Geoff Shively"                                                                                                   
                      <gshively at pivx.com        To:      "General DShield Discussion List" <list at dshield.org>                           
                      >                         cc:                                                                                     
                      Sent by:                  Subject:       Re: [Dshield] DCOM VPN Question                                          
                      list-bounces at dshie                                                                                                
                      ld.org                                                                                                            
                                                                                                                                        
                                                                                                                                        
                                                                                                                                        
                      08/13/03 02:11 PM                                                                                                 
                      Please respond to                                                                                                 
                      General DShield                                                                                                   
                      Discussion List                                                                                                   
                                                                                                                                        
                                                                                                                                        



interesting, still no mention of port 593 (RPC-over-HTTP).

Am i missing something?

Cheers,

Geoff Shively, CHO
PivX Solutions, LLC

Are You Secure?
http://www.pivx.com

----- Original Message -----
From: <andy.n.willson at exxonmobil.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Wednesday, August 13, 2003 12:48 PM
Subject: Re: [Dshield] DCOM VPN Question


>
> Some good info on ports...especially the 135 port - referred to as the
> "end-point mapper" which is required for basics like VPN and Exchange.
>
>
http://www.iss.net/security_center/advice/Exploits/Ports/groups/Microsoft/default.htm

>
>
>
>
> Andy
>
>
>
>
>                       "Darren Gasser"
>                       <kaos at earthlink.ne        To:      "General DShield
Discussion List" <list at dshield.org>
>                       t>                        cc:
>                       Sent by:                  Subject:       Re:
[Dshield] DCOM VPN Question
>                       list-bounces at dshie
>                       ld.org
>
>
>

>                       08/13/03 01:08 PM
>                       Please respond to
>                       General DShield
>                       Discussion List
>
>
>
>
>
> Jon R. Kibler wrote:
> > Greetings:
> >
> > I just had an interesting conversation with a network security person
> > that was having problems blocking the ports used by the DCOM worm.
> > They indicated that they had tried to block 135/TCP on their border
> > router, but clients running Microsoft VPN started complaining because
> > they could not connect.
> >
> > It appears that Microsoft VPN uses 135/TCP for RPC services used to
> > establish a VPN connections. Is anyone familiar with this issue? What
> > if anything is the solution to this problem? It is my understanding
> > that these clients have no choice but to use Microsoft VPN.
>
> I'm not sure what you mean by "Microsoft VPN, " as MS has built-in
support
> for at least two entirely different VPN schemes (IPSec/L2TP and PPTP).
>
> Neither of these requires TCP port 135 to be open, however.  PPTP tunnels
> (the more common VPN type used with MS OSes) only require TCP port 1723
and
> IP protocol 47 (GRE).  IPsec has different requirements depending on your
> exact config, but I've never seen TCP 135 as one of them.
>
> -Darren
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>
>
>
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list







More information about the list mailing list