[Dshield] DCOM VPN Question

Bruyere, Michel mbruyere at ezemcanada.com
Wed Aug 13 20:19:51 GMT 2003


It's listed at the bottom of the page... and when you click on it, it will
get you to
http://www.iss.net/security_center/advice/Exploits/Ports/593/default.htm 



> -----Original Message-----
> From: Geoff Shively [mailto:gshively at pivx.com]
> Sent: Wednesday, 13 August 2003 16:11
> To: General DShield Discussion List
> Subject: Re: [Dshield] DCOM VPN Question
> 
> Interesting, still no mention of port 593 (RPC-over-HTTP).
> 
> Am I missing something?
> 
> Cheers,
> 
> Geoff Shively, CHO
> PivX Solutions, LLC
> 
> Are You Secure?
> http://www.pivx.com
> 
> ----- Original Message -----
> From: <andy.n.willson at exxonmobil.com>
> To: "General DShield Discussion List" <list at dshield.org>
> Sent: Wednesday, August 13, 2003 12:48 PM
> Subject: Re: [Dshield] DCOM VPN Question
> 
> 
> >
> > Some good info on ports...especially the 135 port - referred to as the
> > "end-point mapper" which is required for basics like VPN and Exchange.
> >
> >
> > http://www.iss.net/security_center/advice/Exploits/Ports/groups/Microsoft/default.htm
> >
> >
> >
> >
> > Andy
> >
> >
> >
> >
> > "Darren Gasser" <kaos at earthlink.net>
> > Sent by: list-bounces at dshield.org
> > 08/13/03 01:08 PM
> > Please respond to General DShield Discussion List
> >
> > To: "General DShield Discussion List" <list at dshield.org>
> > cc:
> > Subject: Re: [Dshield] DCOM VPN Question
> >
> >
> >
> >
> >
> > Jon R. Kibler wrote:
> > > Greetings:
> > >
> > > I just had an interesting conversation with a network security person
> > > that was having problems blocking the ports used by the DCOM worm.
> > > They indicated that they had tried to block 135/TCP on their border
> > > router, but clients running Microsoft VPN started complaining because
> > > they could not connect.
> > >
> > > It appears that Microsoft VPN uses 135/TCP for RPC services used to
> > > establish VPN connections. Is anyone familiar with this issue? What
> > > if anything is the solution to this problem? It is my understanding
> > > that these clients have no choice but to use Microsoft VPN.
> >
> > I'm not sure what you mean by "Microsoft VPN," as MS has built-in support
> > for at least two entirely different VPN schemes (IPSec/L2TP and PPTP).
> >
> > Neither of these requires TCP port 135 to be open, however.  PPTP tunnels
> > (the more common VPN type used with MS OSes) only require TCP port 1723 and
> > IP protocol 47 (GRE).  IPsec has different requirements depending on your
> > exact config, but I've never seen TCP 135 as one of them.
> >
> > -Darren
> >
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or unsubscribe), see:
> > http://www.dshield.org/mailman/listinfo/list



