True. Many MS products (including Exchange) make initial connections on
port 135, then re-map to a randomized high port. In products like Exchange
that are typically used behind and through firewalls, this does not allow
for a secure firewall scenario.
In response, MS has enabled the ability to specify a specific port that the
communications re-map to - although the initial connection still must be
made via port 135.
| -----Original Message-----
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of Merton Campbell Crockett
| Sent: Sunday, January 30, 2000 3:30 PM
| To: Chris Brenton
| Cc: Peter M; [EMAIL PROTECTED]
| Subject: Re: Hey.. Quick Question.
|
|
| My memory was just jogged by an article in the Microsoft Knowledge Base that
| popped up on a query for "port 135". The Microsoft Exchange Client uses the
| RPC Services for communication with the Microsoft Exchange Server.
|
| Looks like Microsoft has made some changes to its search engine. A lot of
| information on applications that use port 135 is provided along with notes
| on configuring applications and firewalls to limit risks.
|
| Merton Campbell Crockett
|
| On Sun, 30 Jan 2000, Merton Campbell Crockett wrote:
|
| > On Sat, 29 Jan 2000, Chris Brenton wrote:
| >
| > > Merton Campbell Crockett wrote:
| > > >
| > > > Port 135 is reserved for DCE End Point Resolution. This is used by
| > > > Microsoft's RPC (Distributed Computing Environment [DCE]) Service.
| > >
| > > This is correct.
| > >
| > > > Might be a little difficult to remove without rebuilding the kernel as
| > > > Windows98 includes the RPC (DCE) client and server for local and remote
| > > > registry management.
| > >
| > > This port is not open on a Win98 box, even if you have file sharing
| > > turned on. From one of my lab Win98 boxes:
| >
| > I don't think that file sharing is a DCOM/COM/OLE application but could be
| > mistaken.
| >
| > > C:\WINDOWS>netstat -an
| > >
| > > Active Connections
| > >
| > > Proto Local Address Foreign Address State
| > > TCP 0.0.0.0:1199 0.0.0.0:0 LISTENING
| > > TCP 0.0.0.0:1201 0.0.0.0:0 LISTENING
| > > TCP 192.168.0.28:137 0.0.0.0:0 LISTENING
| > > TCP 192.168.0.28:138 0.0.0.0:0 LISTENING
| > > TCP 192.168.0.28:139 0.0.0.0:0 LISTENING
| > > UDP 192.168.0.28:137 *:*
| > > UDP 192.168.0.28:138 *:*
| > >
| > >
| > > Note the absence of TCP/135 listening.
| >
| > I didn't feel like rebooting to switch from BSD/OS to Windows98 to see if
| > there were any differences between our systems. The Microsoft Windows98
| > Resource Kit implies that the RPC service is endemic to Windows98 and that
| > it will listen on port 135 should you install or run a DCOM/COM/OLE
| > application. The application, itself, has no knowledge that the RPC service
| > is being used.
| >
| > There is a high probability that if you are using Microsoft Access or some
| > Microsoft SQL applications or ActiveX controls, port 135 may become
| > active.
| >
| > Merton Campbell Crockett
| >
| >
| > -
| > [To unsubscribe, send mail to [EMAIL PROTECTED] with
| > "unsubscribe firewalls" in the body of the message.]
| >
|
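An added example, not part of the original thread: a small Python check that applies the thread's reasoning to `netstat -an` output, reporting whether the endpoint mapper port TCP/135 is listening and which high listening ports fall outside a set of fixed ports a firewall rule could name. The first sample is the Win98 output quoted in the thread; the second sample, and port 5000 as a fixed RPC port, are constructed for illustration.

```python
import re

EPMAP_PORT = 135  # DCE endpoint resolution port discussed in the thread

# Matches a listening TCP row, e.g. "TCP 0.0.0.0:1199 0.0.0.0:0 LISTENING"
ROW = re.compile(r"^TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.I)

def tcp_listeners(netstat_text):
    """Return sorted (address, port) pairs for TCP sockets in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        # Drop mail-quote prefixes such as "| > > " before matching.
        line = re.sub(r"^[|>\s]+", "", line)
        m = ROW.match(line)
        if m:
            found.add((m.group(1), int(m.group(2))))
    return sorted(found, key=lambda pair: (pair[1], pair[0]))

def audit(netstat_text, fixed_rpc_ports=()):
    """Summarise RPC exposure: endpoint mapper state plus unpinned high ports."""
    ports = {port for _, port in tcp_listeners(netstat_text)}
    return {
        "epmap_listening": EPMAP_PORT in ports,
        # High ports outside the allow-list cannot be named in a static rule.
        "unpinned_high_ports": sorted(
            p for p in ports if p >= 1024 and p not in fixed_rpc_ports),
    }

# Output quoted in the thread (mail-quote prefixes left in place).
WIN98 = """\
| > > Proto Local Address Foreign Address State
| > > TCP 0.0.0.0:1199 0.0.0.0:0 LISTENING
| > > TCP 0.0.0.0:1201 0.0.0.0:0 LISTENING
| > > TCP 192.168.0.28:137 0.0.0.0:0 LISTENING
| > > TCP 192.168.0.28:138 0.0.0.0:0 LISTENING
| > > TCP 192.168.0.28:139 0.0.0.0:0 LISTENING
| > > UDP 192.168.0.28:137 *:*
| > > UDP 192.168.0.28:138 *:*
"""
# Constructed sample: endpoint mapper up, one pinned port, one dynamic port.
PINNED = """\
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1031 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
"""

if __name__ == "__main__":
    print(audit(WIN98))
    print(audit(PINNED, fixed_rpc_ports={5000}))
```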