Wednesday, March 06, 2013 6:54 PM
We are having our servers hardened and we failed a penetration test because port 135 is open on our 2008 R2. They said I should close those ports.
I am searching over the net, but all I saw was closing it on XP. However, it did not work on 2008.
Has any one of you tried closing that port (135) on a Windows 2008 machine, and could you teach me how?
- Changed Type: Santosh Bhandarkar (Microsoft Community Contributor, Moderator), Thursday, March 07, 2013 2:50 AM (question)
Wednesday, March 06, 2013 8:40 PM
There are predefined rules (several), including one for Windows File and Printer Sharing; this one includes permit rules for TCP 135 and TCP 445.
Also, here is some end-user info which may help:
Wednesday, March 06, 2013 9:41 PM
I created rules blocking port 135 on the firewall and in IPsec,
but when I scan the port from outside (internet) it is open.
Also, when I execute netstat -an | find /i "listening":
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
the result is above.
So I am asking how I can make port 135 not listen. It is a possible security risk according to our auditor.
Hope someone can help.
Thursday, March 07, 2013 2:08 AM
135 is also used for RPC by a lot of roles (like netlogon, see http://support.microsoft.com/kb/832017/en-us).
What roles does that server have?
Blocking that port might take a lot of services down. Can't you filter that port to allow it to talk only to your LAN users? Configuring the firewall properly is the best option IMO.
Some blogs tell you to uninstall "Client for Microsoft Networks" to completely remove port 135... but unless it's a standalone server in a corner, I don't recommend doing it.
Thursday, March 07, 2013 1:46 PM
It is a DNS server. Standalone.
2 NICs: one for internal remote access and one public for external DNS requests. Upon scanning the external IP it showed port 135 as open.
Friday, March 08, 2013 2:20 AM
Monday, March 11, 2013 4:40 PM
On the external NIC, do you have only TCPv4 selected?
Yes, you are right.
Tuesday, March 12, 2013 2:57 AM
Try rpccfg, and unselect your internet NIC.
Check whether that registry key can work for you:
By default, the portmapper RPC service binds to all network interfaces.
A registry value, ListenOnInternet, controls whether the portmapper RPC service
binds to all interfaces or not. By default, this value does not exist and has
implicitly a default value of "Y":
Content: "Y" or "N"
When set to "N", TCP port 135 will only listen on interfaces specified by the
Bind value described in the previous section. (rpccfg.exe's section)
Run netstat -ano, and be sure the listener is associated with something like svchost (not any other third-party tool).
- Marked As Answer by Cheers ZHANG (Microsoft Contingent Staff, Moderator), Tuesday, March 19, 2013 7:43 AM
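The check the answer above describes, as an added PowerShell script that is not part of the thread and not a Microsoft tool: it parses the output of netstat -ano on the server, reports every TCP 135 listener, says whether it is bound to all interfaces (0.0.0.0 or [::], which is what exposes the public NIC) or to a single address, and resolves the owning PID to a process name so you can confirm it is svchost. It only reads what netstat already shows; it does not change the registry value or run rpccfg, and the thread does not give the full key path, so none is assumed here. The $Port parameter is an assumption for reuse; it defaults to 135.

```powershell
# Added example (not from the thread): verify which addresses TCP 135 is bound to
# and which process owns the listener, using only "netstat -ano" output.
# Runs on Windows Server 2008 R2 (PowerShell 2.0); no newer cmdlets are used.
param(
    [int]$Port = 135   # assumed parameter, defaults to the port discussed in the thread
)

# netstat -ano LISTENING lines look like:
#   TCP    0.0.0.0:135    0.0.0.0:0    LISTENING    712
$listeners = netstat -ano |
    Where-Object { $_ -match '^\s*TCP\s+' -and $_ -match 'LISTENING' } |
    ForEach-Object {
        $fields = ($_ -replace '^\s+', '') -split '\s+'
        # fields: Proto, LocalAddress, ForeignAddress, State, PID
        $local = $fields[1]
        # The port follows the last ':' for both IPv4 "a.b.c.d:port" and IPv6 "[::]:port"
        $idx = $local.LastIndexOf(':')
        New-Object PSObject -Property @{
            Address = $local.Substring(0, $idx)
            Port    = [int]$local.Substring($idx + 1)
            PID     = [int]$fields[4]
        }
    } |
    Where-Object { $_.Port -eq $Port }

if (-not $listeners) {
    Write-Host "Nothing is listening on TCP $Port."
    return
}

foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.PID -ErrorAction SilentlyContinue
    $name = if ($proc) { $proc.ProcessName } else { 'unknown' }

    # 0.0.0.0 / [::] means the RPC endpoint mapper is bound to every interface,
    # including the public one; a specific address means the binding was restricted.
    $scope = if ($l.Address -eq '0.0.0.0' -or $l.Address -eq '[::]') {
        'ALL interfaces (public NIC included)'
    } else {
        'only ' + $l.Address
    }

    Write-Host ("TCP {0} listening on {1}; owner PID {2} ({3})" -f $l.Port, $scope, $l.PID, $name)

    # The answer above expects svchost to own port 135; anything else deserves a look.
    if ($name -ne 'svchost') {
        Write-Warning "TCP $Port is owned by '$name', not svchost - check what that process is."
    }
}
```

Run it from an elevated PowerShell prompt before and after the rpccfg / registry change; the expected end state is a line showing port 135 bound only to the internal NIC's address, owned by svchost, while an external port scan of the public IP no longer shows 135 open.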