Hello

I have a Windows Server 2003 Web Edition box I'm trying to get ready to put on the net and I can't get I've read all sorts of procedures to disable ports 135 and 1025, and none of them have worked. I would settle even to change them to listen on localhost instead of all IPs at this point. DTC is disabled, NetBIOS is disabled, Task Scheduler is disabled, I've changed a bunch of registry keys and everything save deleting rpcrt4.dll but it doesn't close the thing. Port 1025 is owned by lsass.exe and 135 by svchost.exe, which doesn't help very much. rpcdump.exe says 1025 is "ncacn_ip_tcp", an "IPSEC policy agent endpoint", but disabling IPSEC Services doesn't close it either. Everything seems to depend on the RPC service, so maybe port 135 is an unwinnable battle for a usable IIS server. Is there a way to tell either or both of these services to listen on localhost, or a specific IP? Slapping a firewall on it isn't a desirable hack/kludge/"solution".

Thanks for any advice.

RE: Problems disabling ports 135 and 1025. by anonymous

anonymous
Wed Jun 09 12:41:03 CDT 2004

I, too, have ports open on W2K3s - TCP
ports 135, 145, 1025 & 1026 - and
would like to figure out how to close them

Re: Problems disabling ports 135 and 1025. by Tom

Tom
Wed Jun 09 12:58:59 CDT 2004

http://www.petri.co.il/what_is_port_445_in_w2kxp.htm

"jbiddlew" <anonymous@discussions.microsoft.com> wrote in message
news:8F0C8014-17B0-412B-90FC-1E9D8FFA2E75@microsoft.com...
> I, too, have ports open on W2K3s - TCP
> ports 135, 145, 1025 & 1026 - and
> would like to figure out how to close them
Re: Problems disabling ports 135 and 1025. by N

N
Wed Jun 09 14:27:39 CDT 2004

In article <F0BC3878-C12A-40D9-B81A-5F1449328D8B@microsoft.com>, FzZzT says...

> I have a Windows Server 2003 Web Edition box I'm trying to get ready to
> put on the net and I can't get I've read all sorts of procedures to
> disable ports 135 and 1025, and none of them have worked. I would settle
> even to change them to listen on localhost instead of all IPs at this
> point. DTC is disabled, NetBIOS is disabled, Task Scheduler is disabled,
> I've changed a bunch of registry keys and everything save deleting
> rpcrt4.dll but it doesn't close the thing. Port 1025 is owned by lsass.exe
> and 135 by svchost.exe, which doesn't help very much. rpcdump.exe says
> 1025 is "ncacn_ip_tcp", an "IPSEC policy agent endpoint", but disabling
> IPSEC Services doesn't close it either. Everything seems to depend on the
> RPC service, so maybe port 135 is an unwinnable battle for a usable IIS
> server. Is there a way to tell either or both of these services to listen
> on localhost, or a specific IP? Slapping a firewall on it isn't a
> desirable hack/kludge/"solution".

Hmmm. You can only disable a port by disabling the application which uses
the port. But if IIS will break when a particular service is disabled, and that
service holds a port open while it is running, you won't be able to run
the IIS server without opening the affected port.

In fact, it is this which causes many to suggest running the IIS server
behind a NAT device. By only forwarding those ports that the Internet needs
to access for the service, you can leave the vulnerable services running
because they can't be reached through the NAT device.

Although I don't run IIS, or even a WinOS with Blaster/Sasser vulnerability,
I do run an MTA, and I do have only the necessary ports exposed to the
Internet. I am not running an email service for the larger community, and
keep ports such as port 143 (IMAP service) blocked from Internet access.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
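A way to check both the binding question the original poster asked and the point Norman makes about forwarding only the needed ports, as an added example that is not from this thread: it parses `netstat -ano` output in the layout Windows Server 2003 prints, names the RPC role of port 135 (endpoint mapper) and of the 1025-5000 dynamic range, and lists every listener that is bound beyond loopback yet is not one of the public web ports, i.e. what the NAT device or firewall must not forward. The netstat text and the PID-to-image map are constructed sample data, not a real capture.

```python
import re

# Constructed sample of `netstat -ano` output (Windows Server 2003 layout), not a real capture.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       936
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       520
  TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING       1200
  TCP    192.168.1.10:443       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:3389      10.0.0.5:51234         ESTABLISHED     812
"""
# Constructed PID-to-image map, as `tasklist` would show for those PIDs.
SAMPLE_PROCESSES = {4: "System", 936: "svchost.exe", 520: "lsass.exe", 1200: "inetinfo.exe"}

# Only TCP sockets in LISTENING state: local ip:port, foreign address, state, PID.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def parse_listeners(netstat_text):
    """Yield (bind_ip, port, pid) for each TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            yield m.group(1), int(m.group(2)), int(m.group(3))

def rpc_role(port):
    """135 is the RPC endpoint mapper; on Windows 2003 dynamic RPC endpoints
    (such as the 1025 listener in the thread) come from the 1025-5000 range."""
    if port == 135:
        return "RPC endpoint mapper"
    if 1025 <= port <= 5000:
        return "dynamic RPC range"
    return ""

def audit(netstat_text, processes, public_ports):
    """One finding per listener: owning image, exposure, RPC role, and whether a
    NAT/firewall rule is required (reachable beyond loopback, not a public service)."""
    findings = []
    for ip, port, pid in parse_listeners(netstat_text):
        exposure = ("loopback" if ip.startswith("127.")
                    else "all interfaces" if ip == "0.0.0.0" else "specific IP")
        findings.append({"port": port, "pid": pid, "image": processes.get(pid, "unknown"),
                         "exposure": exposure, "role": rpc_role(port),
                         "must_block": exposure != "loopback" and port not in public_ports})
    return findings

def ports_to_block(netstat_text, processes, public_ports):
    """Sorted (port, image) pairs that must not be forwarded or allowed from the Internet."""
    return sorted((f["port"], f["image"])
                  for f in audit(netstat_text, processes, public_ports) if f["must_block"])

if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT, SAMPLE_PROCESSES, {80, 443}):
        print(finding)
```

On a real box, replace `SAMPLE_NETSTAT` with the captured output of `netstat -ano` and the map with `tasklist` output; the 1026 loopback listener is deliberately not flagged, since a loopback-only binding is exactly the state the poster was trying to reach.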

Re: Problems disabling ports 135 and 1025. by Lanwench

Lanwench
Wed Jun 09 12:55:48 CDT 2004

FzZzT wrote:
> Hello,
>
> I have a Windows Server 2003 Web Edition box I'm trying to get ready
> to put on the net and I can't get I've read all sorts of procedures
> to disable ports 135 and 1025, and none of them have worked. I would
> settle even to change them to listen on localhost instead of all IPs
> at this point. DTC is disabled, NetBIOS is disabled, Task Scheduler
> is disabled, I've changed a bunch of registry keys and everything
> save deleting rpcrt4.dll but it doesn't close the thing. Port 1025 is
> owned by lsass.exe and 135 by svchost.exe, which doesn't help very
> much. rpcdump.exe says 1025 is "ncacn_ip_tcp", an "IPSEC policy agent
> endpoint", but disabling IPSEC Services doesn't close it either.
> Everything seems to depend on the RPC service, so maybe port 135 is
> an unwinnable battle for a usable IIS server. Is there a way to tell
> either or both of these services to listen on localhost, or a
> specific IP? Slapping a firewall on it isn't a desirable
> hack/kludge/"solution".

Why not? It's not a kluge, or a hack, but it is part of the solution. A
firewall or a proxy server like ISA is the first thing you should have in
place - and if this is to be a public webserver, it should be in a DMZ,
ideally. Port 135 should definitely not be available from the Internet.

>
> Thanks for any advice.