On Sat, 29 Jan 2000, Chris Brenton wrote:
> Merton Campbell Crockett wrote:
> >
> > Port 135 is reserved for DCE End Point Resolution. This is used by
> > Microsoft's RPC (Distributed Computing Environment [DCE]) Service.
>
> This is correct.
>
> > Might be a little difficult to remove without rebuilding the kernel as
> > Windows98 includes the RPC (DCE) client and server for local and remote
> > registry management.
>
> This port is not open on a Win98 box, even if you have file sharing
> turned on. From one of my lab Win98 boxes:
I don't think that file sharing is a DCOM/COM/OLE application but could be
mistaken.
> C:\WINDOWS>netstat -an
>
> Active Connections
>
> Proto Local Address Foreign Address State
> TCP 0.0.0.0:1199 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1201 0.0.0.0:0 LISTENING
> TCP 192.168.0.28:137 0.0.0.0:0 LISTENING
> TCP 192.168.0.28:138 0.0.0.0:0 LISTENING
> TCP 192.168.0.28:139 0.0.0.0:0 LISTENING
> UDP 192.168.0.28:137 *:*
> UDP 192.168.0.28:138 *:*
>
>
> Note the absence of TCP/135 listening.
I didn't feel like rebooting to switch from BSD/OS to Windows98 to see if
there were any differences between our systems. The Microsoft Windows98
Resource Kit implies that the RPC service is indemic to Windows98 and that
it will listen on port 135 should you install or run a DCOM/COM/OLE
application. The application, itself, has no knowledge that the RPC service
is being used.
There is a high probablility the if you are using Microsoft Access or some
Microsoft SQL applications or ActiveX controls that port 135 may become
active.
Merton Campbell Crockett
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
