[Dshield] DCOM VPN Question

Geoff Shively gshively at pivx.com
Wed Aug 13 20:26:32 GMT 2003


My suspicions were correct; I was missing something. Thanks, guys.

Cheers,

Geoff Shively, CHO
PivX Solutions, LLC

Are You Secure?
http://www.pivx.com

----- Original Message ----- 
From: <andy.n.willson at exxonmobil.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Wednesday, August 13, 2003 1:17 PM
Subject: Re: [Dshield] DCOM VPN Question


>
> Very bottom of the webpage under the "Other" category, which still points
> back to 135
>
>
>
> Andy
>
>
>
> "Geoff Shively" <gshively at pivx.com>
> Sent by: list-bounces at dshield.org
> 08/13/03 02:11 PM
> Please respond to General DShield Discussion List
>
> To: "General DShield Discussion List" <list at dshield.org>
> cc:
> Subject: Re: [Dshield] DCOM VPN Question
>
> Interesting, still no mention of port 593 (RPC-over-HTTP).
>
> Am I missing something?
>
> Cheers,
>
> Geoff Shively, CHO
> PivX Solutions, LLC
>
> Are You Secure?
> http://www.pivx.com
>
> ----- Original Message -----
> From: <andy.n.willson at exxonmobil.com>
> To: "General DShield Discussion List" <list at dshield.org>
> Sent: Wednesday, August 13, 2003 12:48 PM
> Subject: Re: [Dshield] DCOM VPN Question
>
>
> >
> > Some good info on ports...especially the 135 port - referred to as the
> > "end-point mapper" which is required for basics like VPN and Exchange.
> >
> >
> > http://www.iss.net/security_center/advice/Exploits/Ports/groups/Microsoft/default.htm
> >
> >
> >
> >
> > Andy
> >
> >
> >
> >
> > "Darren Gasser" <kaos at earthlink.net>
> > Sent by: list-bounces at dshield.org
> > 08/13/03 01:08 PM
> > Please respond to General DShield Discussion List
> >
> > To: "General DShield Discussion List" <list at dshield.org>
> > cc:
> > Subject: Re: [Dshield] DCOM VPN Question
> >
> > Jon R. Kibler wrote:
> > > Greetings:
> > >
> > > I just had an interesting conversation with a network security person
> > > that was having problems blocking the ports used by the DCOM worm.
> > > They indicated that they had tried to block 135/TCP on their border
> > > router, but clients running Microsoft VPN started complaining because
> > > they could not connect.
> > >
> > > It appears that Microsoft VPN uses 135/TCP for RPC services used to
> > > establish VPN connections. Is anyone familiar with this issue? What
> > > if anything is the solution to this problem? It is my understanding
> > > that these clients have no choice but to use Microsoft VPN.
> >
> > I'm not sure what you mean by "Microsoft VPN," as MS has built-in support
> > for at least two entirely different VPN schemes (IPSec/L2TP and PPTP).
> >
> > Neither of these requires TCP port 135 to be open, however.  PPTP tunnels
> > (the more common VPN type used with MS OSes) only require TCP port 1723 and
> > IP protocol 47 (GRE).  IPsec has different requirements depending on your
> > exact config, but I've never seen TCP 135 as one of them.
> >
> > -Darren
> >
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or unsubscribe), see:
> > http://www.dshield.org/mailman/listinfo/list
> >