How can I block port 135 on Windows Server 2008 R2?
-
Wednesday, March 06, 2013 6:54 PM
Hi All,
We are having our servers hardened and we failed a penetration test because port 135 is open on our 2008 R2. They said I should close those ports.
I am searching over the net, but all I saw was closing it on XP. However, that did not work on 2008.
Has anyone of you tried closing that port (135) on a Windows 2008 machine, and could you teach me how?
Thanks
- Changed Type: Santosh Bhandarkar, Microsoft Community Contributor, Moderator, Thursday, March 07, 2013 2:50 AM (question)
All Replies
-
Wednesday, March 06, 2013 8:40 PM
Try here: http://technet.microsoft.com/en-us/library/dd448575(v=ws.10).aspx
There are several predefined rules, including one for Windows File and Printer Sharing; this one includes permit rules for TCP 135 and TCP 445.
Also, here is some end-user info which may help:
http://windows.microsoft.com/en-us/windows-vista/enable-file-and-printer-sharing
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)
-
Wednesday, March 06, 2013 9:41 PM
Hi,
I created rules blocking port 135 in the firewall and in IPsec,
but when I scan the port from outside (the internet) it is open.
Also, when I execute netstat -an | find /i "listening"
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
is the result.
So I am asking how I can make port 135 stop listening. It is a possible security risk according to our auditor.
Hope someone can help
-
Thursday, March 07, 2013 2:08 AM
Hi,
135 is also used for RPC by a lot of roles (like Netlogon, see http://support.microsoft.com/kb/832017/en-us).
What roles does that server have?
Blocking that port might take a lot of services down. Can't you filter that port so it only talks to your LAN users? Configuring the firewall properly is the best option IMO.
Some blogs tell you to uninstall "Client for Microsoft Networks" to completely remove port 135... but unless it's a standalone server in a corner, I don't recommend doing it.
MCP | MCTS 70-236: Exchange Server 2007, Configuring
Twitter - @yagmoth555
Blog: http://www.jabea.net | http://blogs.technet.com/b/wikininjas/
-
Thursday, March 07, 2013 1:46 PM
Hi yagmoth55,
It is a DNS server, standalone.
Two NICs: one for internal remote access and one public one for external DNS requests. Upon scanning the external IP it showed port 135 as open.
-
Friday, March 08, 2013 2:20 AM
On the external NIC, do you have only TCPv4 selected?
MCP | MCTS 70-236: Exchange Server 2007, Configuring
Twitter - @yagmoth555
Blog: http://www.jabea.net | http://blogs.technet.com/b/wikininjas/
-
Monday, March 11, 2013 4:40 PM
On the external NIC, do you have only TCPv4 selected?
Yes, you are right.
-
Tuesday, March 12, 2013 2:57 AM
Try rpccfg, and unselect your internet NIC.
Check whether this registry key could work for you:
By default, the portmapper RPC service binds to all network interfaces.
A registry value, ListenOnInternet, controls whether the portmapper RPC service
binds to all interfaces or not. By default, this value does not exist and has
implicitly a default value of "Y":
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\
Value: ListenOnInternet
Type: REG_SZ
Content: "Y" or "N"
When set to "N", TCP port 135 will only listen on interfaces specified by the
Bind value described in the previous section (rpccfg.exe's section).
Run netstat -ano, and be sure the listener is associated with something like svchost (not some other third-party tool).
MCP | MCTS 70-236: Exchange Server 2007, Configuring
Twitter - @yagmoth555
Blog: http://www.jabea.net | http://blogs.technet.com/b/wikininjas/
- Marked As Answer by Cheers ZHANG, Microsoft Contingent Staff, Moderator, Tuesday, March 19, 2013 7:43 AM
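A read-only PowerShell check for the verification step yagmoth555 describes (netstat -ano, confirm the port 135 listener is svchost hosting RpcSs, and inspect ListenOnInternet), added here as an example and not code from the thread. The function name Test-Port135Listener is my own; it assumes PowerShell 2.0 on 2008 R2 (so no Get-NetTCPConnection) and makes no changes to the firewall, rpccfg bindings or the registry.

```powershell
# Added example: audit who is listening on TCP 135 and on which addresses.
# Hypothetical helper name; read-only, nothing is modified.
function Test-Port135Listener {
    param([int]$Port = 135)

    # 1. Parse "netstat -ano" for LISTENING sockets on the requested port.
    #    0.0.0.0 or [::] means bound to every interface, the external NIC included.
    $listeners = @()
    foreach ($line in (netstat -ano)) {
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$' -and
            [int]$matches[2] -eq $Port) {
            $listeners += New-Object PSObject -Property @{
                LocalAddress = $matches[1]
                OwnerPid     = [int]$matches[3]
            }
        }
    }
    if ($listeners.Count -eq 0) { "No TCP listener on port $Port."; return }

    # 2. Map each owning PID to its image and the services it hosts; the
    #    expected owner is svchost.exe hosting RpcSs (the RPC endpoint mapper).
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwnerPid -ErrorAction SilentlyContinue
        $svcs = Get-WmiObject Win32_Service -Filter "ProcessId = $($l.OwnerPid)" |
                ForEach-Object { $_.Name }
        if ($proc -and $proc.Name -eq 'svchost' -and ($svcs -contains 'RpcSs')) {
            $verdict = 'expected owner (RpcSs)'
        } else {
            $verdict = 'UNEXPECTED owner - investigate'
        }
        $scope = 'single address'
        if ($l.LocalAddress -eq '0.0.0.0' -or $l.LocalAddress -eq '[::]') {
            $scope = 'ALL interfaces (reachable via external NIC)'
        }
        "{0,-12} PID {1,-6} {2,-12} services: {3} => {4}; bound to {5}" -f `
            $l.LocalAddress, $l.OwnerPid, $proc.Name, ($svcs -join ','), $verdict, $scope
    }

    # 3. Report the ListenOnInternet value from the thread; absent means "Y".
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\RpcSs'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ListenOnInternet
    if ($val -eq $null) {
        "ListenOnInternet: not set (defaults to Y, RPC binds to all interfaces)"
    } else {
        "ListenOnInternet: $val"
    }
}

Test-Port135Listener
```

Run it in an elevated prompt before and after changing rpccfg bindings or the registry value, so the change in bound addresses is visible in the same output.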