Bill
Sat Apr 17 20:49:07 CDT 2004
>-----Original Message-----
>Dear Bill,
>
>I continued my research and eureka! I found it.
>First off, the difficulty began when I did not specify the
>protocol. UDP 135 (the dcom stuff), I had disabled that
>a long time ago. It was TCP 135 that was the concern.
>
>Should you be interested in disabling TCP 135 for security
>purposes (I know conceptual exploits about this port,
>that's why I wanted it closed), do the following in xp.
>
>--it'll reinforce the knowledge for me by telling you
>
>Run regedit
>
>
> Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\
> Value: ListenOnInternet (create)
> Type: REG_SZ
> Content: "Y" or "N"
>
>When set to "N", TCP port 135 will only listen on
>interfaces specified.
>
>Specifying the bind interface with
>
>
> Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rpc (create)\Linkage (create)\
> Value: Bind (create)
> Type: REG_MULTISZ
> Content: list of network interfaces indexes
>
>Netstat is finally free of TCP 135
>
>It is possible :)
>
>Thank you,
>
>Terry
>
>>-----Original Message-----
>>
>>>-----Original Message-----
>>>Thank you Bill for your generous willingness to help me.
>>>In regards to the link you provided, I followed Steven's
>>>grc advice on unbinding 135, however, with no luck.
>>>
>>>Currently I've disabled WINS netbios (allowing only
>>>TCP/IP). Also, I've disabled the services distributed
>>>transaction coordinator and task scheduler in
>>>services.msc. Furthermore, I've disabled Dcom in the
>>>registry (ole) giving it a value of N.
>>>
>>>I understand firewalls can block 135, however, I'd really
>>>much like to find out how to do this. Unfortunately, the
>>>time I was able to find netstat free of 135, I was merely
>>>playing around and forgot to note exactly what I did :|
>>>
>>>Thank you once again with anticipation and appreciation,
>>>Terry
>>>
>>>>-----Original Message-----
>>>>
>>>>>-----Original Message-----
>>>>>Hey all,
>>>>>
>>>>>I've been researching and am having difficulty finding out
>>>>>how to unbind the remote procedure call service from port
>>>>>135. I'm beginning to wonder if it's possible. I messed
>>>>>around with my system configurations a while ago and
>>>>>discovered that rpc 135 was closed from netstat. I don't
>>>>>know what I did, but it worked at the time. Now I can't
>>>>>seem to find a way to do this. Please help me. Thank you.
>>>>>
>>>>>With appreciation,
>>>>>Terry
>>>>>.
>>>>>
>>>>Hey there. Well, I could go into all sorts of
>>>>explanations and whatnot, or I could just give you a link
>>>>that I think has what you're looking for. :)
>>>>
>>>>http://grc.com/dcom/
>>>>
>>>>That site should give you everything you need to know
>>>>about DCOM what it does and doesn't do, and how to shut it
>>>>down and close port 135. If that does not do it, let me
>>>>know and clarify exactly what you need and I'll do my best
>>>>to help.
>>>>
>>>>-Bill
>>>>.
>>>>
>>>.
>>>
>>Ok, I was able to disable DCOM and close port 135 by
>>manually modifying one of the registry keys. Tested it
>>out on my home computer, then checked netstat and port 135
>>is closed. Here are the instructions for what I did.
>>
>>The HKEY_LOCAL_MACHINE\Software\Microsoft\OLE registry key
>>has "EnableDCOM" as a named value. By default this value
>>is set to "Y." To disable DCOM, change this value to "N"
>>You can do this in the OLE/COM Object Viewer with the
>>File.System Configuration dialog box. Changing this value
>>requires you to restart your computer.
>>
>>If EnableDCOM is not set to "Y," then all cross-computer
>>calls are rejected (the caller, typically, receives an
>>RPC_S_SERVER_UNAVAILABLE return code)
>>
>>Basically go to regedit follow the pathway it states find
>>the enable dcom value, right click on it and select
>>modify. Change the value to n instead of y. Exit. You
>>may want to save a backup of your registry before just in
>>case. Mine has no problem so far and all seems stable.
>>Here is a link with the original info.
>>
>>
>>http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q158/5/08.asp&NoWebContent=1
>>
>>Hope this does the trick.
>>
>>-Bill
>>.
>>
>.
>
Well excellent, I'll be sure to copy that down for future
reference. Wish you luck with future tweaking, etc.
-Bill
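
A read-only check of the settings discussed in this thread, added here as an example and not written by either poster: it prints the three registry values named in the messages and lists any local socket still bound to port 135 according to `netstat -an`. The registry paths are taken from the messages as posted (the function and variable names are this example's own), and English-language netstat output is assumed.

```powershell
# Added example: read-only audit; changes nothing on the system.
# Registry paths are copied from the thread as posted, not independently verified.
$settings = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\OLE';                        Name = 'EnableDCOM' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\RpcSs';       Name = 'ListenOnInternet' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Rpc\Linkage'; Name = 'Bind' }
)

foreach ($s in $settings) {
    # A missing key or value yields $null instead of an error.
    $item  = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    # Bind is multi-string, so join its entries for display.
    $value = if ($item) { @($item.($s.Name)) -join ', ' } else { '<not set>' }
    '{0}\{1} = {2}' -f $s.Path, $s.Name, $value
}

# Keep only sockets whose LOCAL endpoint is port 135: TCP rows in the
# LISTENING state, and UDP rows (which carry no state column).
# Checking both protocols matters because the thread's confusion came
# from closing UDP 135 while TCP 135 was still open.
function Select-Port135Listener {
    param([string[]]$Lines)
    $pattern = '^\s*(TCP\s+\S+:135\s+\S+\s+LISTENING|UDP\s+\S+:135\s+\S+)\s*$'
    $Lines | Where-Object { $_ -match $pattern } | ForEach-Object { $_.Trim() }
}

# @() keeps the result an array even when nothing matches.
$listeners = @(Select-Port135Listener -Lines (netstat -an))
if ($listeners.Count -eq 0) {
    'No local listener on port 135 (TCP or UDP).'
} else {
    'Port 135 is still bound:'
    $listeners
}
```

Run it before and after the reboot that follows a registry change; the local-address column of any remaining row shows which interface the endpoint mapper is still bound to.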