Of course it is possible to disable it.  It really depends on what you're
doing with the OS.  I have an XP workstation that only has remote desktop
running and everything is working fine.


________________________________________________________________
Stephen Perciballi              phone: 1-416-216-5141
Internet Security Specialist    cell : 1-416-877-1808
MCI                             pager: [EMAIL PROTECTED]
www.mci.com/ca                  24/7 : 1-888-886-3865

On Thu, 11 Sep 2003, Jean-Baptiste Marchand wrote:

> * *Hobbit* <[EMAIL PROTECTED]> [10/09/03 - 13:31]:
>
> > Once again, I wouldn't mind a way to turn off *ALL* the RPC stuff,
> > including the RPC service itself, without paying the price of having
> > almost everything I do afterward just sit there and stupidly wait for it
> > to respond.  A box with it disabled *will* run, just barely, it'll just
> > be sluggish as hell.
>
> It is not really possible to disable the rpcss service (a.k.a. _Remote
> Procedure Call (RPC)_), probably because a Windows NT system heavily uses
> Local Procedure Calls (ncalrpc transport), which happen to be handled by
> the rpcss service.
>
> To close port 135 (tcp and udp), used among other things by the MSRPC
> endpoint mapper, you have to minimize Windows services, i.e. stop all
> services that register RPC services.
>
> > Or at the very least a way to run it so it doesn't listen on a socket
> > bound to *.  How 'bout localhost-only, or the equivalent of unix-domain
> > pipes, or *something* to keep it insulated from the network??
>
> It is possible to bind RPC services to a specific network interface, for
> example the loopback interface (127.0.0.1). This technique works on
> Windows 2000 but not for all RPC services (however, it works for port
> 135).
>
> For more information, see the _RPC Services_ of our _Minimizing Windows
> network services_ paper:
>
> http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html
>
>
> > How 'bout the same for SMB/tcp 445?
>
> Port 445 is opened by the NetBT driver (thus in kernel-mode) and is
> always bound to 0.0.0.0 because it was designed as a global device:
>
> http://www.hsc.fr/ressources/presentations/sambaxp2003/slide4.html
>
> If you don't need SMB/CIFS at all, the easiest way to close port 445
> (tcp and udp) is to disable the NetBT driver. You can also set the
> SmbDeviceEnabled registry value to 0. This is also described in our
> minimization paper (_CIFS over TCP_ section).
>
>
> PS: thanks for netcat and your _CIFS: Common Insecurities Fail Scrutiny_
> paper!
>
> Jean-Baptiste Marchand
> --
> [EMAIL PROTECTED]
> HSC - http://www.hsc.fr/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
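
A check for the state discussed in this thread, as an added example that is not part of the original messages: it parses `netstat -an` output and reports any listener on port 135 or 445 that is not bound to loopback. The two sample outputs are constructed (not captured from a real host), and the function names are assumptions.

```python
import ipaddress

# Ports discussed in the thread and what opens them.
WATCHED_PORTS = {135: "MSRPC endpoint mapper", 445: "SMB/CIFS over TCP"}

# Constructed `netstat -an` output: default state, everything bound to 0.0.0.0.
SAMPLE_BEFORE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      192.168.1.20:1042      ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    0.0.0.0:445            *:*
"""

# Constructed output after minimization: 135 on loopback only, 445 closed.
SAMPLE_AFTER = """
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:135          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  UDP    127.0.0.1:135          *:*
"""

def listeners(netstat_text):
    """Yield (proto, ip, port) for TCP LISTENING sockets and bound UDP sockets."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or unrelated text
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue  # established or closing connections are not listeners
        host, _, port = fields[1].rpartition(":")
        yield fields[0], ipaddress.ip_address(host.strip("[]")), int(port)

def exposed(netstat_text):
    """Return watched-port listeners that are reachable from the network."""
    findings = []
    for proto, ip, port in listeners(netstat_text):
        if port in WATCHED_PORTS and not ip.is_loopback:
            scope = "all interfaces" if ip.is_unspecified else "one interface"
            findings.append((proto, port, str(ip), scope))
    return sorted(findings)

if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        hits = exposed(text)
        print(name, "->", hits if hits else "135/445 not reachable from the network")
```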
