RPC exploits/scans Page 2 - dslreports.com

Author	All Replies
Mele20 Premium join:2001-06-05 Hilo, HI	reply to Bubba Re: RPC exploits/scans > You could consider downloading....Port Explorer ....made available as a 60 day evaluation. Thank you Bubba. I did just that. Most interesting application! I didn't really learn anything though about why port 135 suddenly became open. Port Explorer simply reports that it is RPcss listening there which I already knew. That doesn't tell me why though it suddenly started listening on that port. What have I done to activate this? Port Explorer did confirm for me that port 1025 is also open because of RPcss. What exactly is port 1025 for? I see it is used to play a game called Blackjack. I suppose alot of things use this port? I can't use that part of the Port Explorer program....available only to registered users. Why doesn't GRC and PCFlank report 1025 as open also? -- "Everything can be taken from a man or woman but one thing: the last of the human freedoms - to choose one's attitude in any given set of circumstances, to choose one's destiny." Victor Frankl - Man's Search for Meaning
	to forum · permalink · · 2003-08-12 20:52:11 ·
Mele20 Premium join:2001-06-05 Hilo, HI	reply to rr_tech >yeah, i know for sure that the filters are in place in almost all divisions other than midsouth. no word on hawaii but it wasn't mentioned. i would imagine it'll either happen soon or never. Well, I just rebooted and port 135 is still open until I use either Process Viewer in Trojan Hunter or Port Explorer to terminate RPCss.exe. I suppose Hawaii might be last since we are way out in the middle of the Pacific Ocean! Still no new notice on the local status page. I emailed csrsupport but haven't heard anything back. Yeah...I might have talked you when you worked there! I don't call much as I have a direct, toll free number from the Big Island to tier 3 support at Oceanic on Oahu. I haven't called about this because I know they are swamped. It is not a large number of techs so I don't want to contribute to making their job even harder. I am very curious though to know if this filtering will be implemented here also. Guess I just have to wait and see. Port 135 now tests "stealthed" (even though I have no firewall) at GRC so Hawaii RR now has the filtering implemented. -- "Everything can be taken from a man or woman but one thing: the last of the human freedoms - to choose one's attitude in any given set of circumstances, to choose one's destiny." Victor Frankl - Man's Search for Meaning [text was edited by author 2003-08-13 06:26:22]
	to forum · permalink · · 2003-08-12 21:22:07 ·
dib22 join:2002-01-27 Kansas City, MO	cough nmap cough nmap
	to forum · permalink · · 2003-08-13 07:15:42 ·
Mele20 Premium join:2001-06-05 Hilo, HI	reply to BangBang There's a report over in the Security forum that RR has ceased blocking port 135. Is this true? I can't check because I have disabled RPC in the registry so the port is closed for me no matter what RR does. »port 135 alive again.... -- "Everything can be taken from a man or woman but one thing: the last of the human freedoms - to choose one's attitude in any given set of circumstances, to choose one's destiny." Victor Frankl - Man's Search for Meaning
	to forum · permalink · · 2003-08-22 06:49:11 ·
Konaguy Live From Kailua-Kona, Hawaii Premium join:2000-10-21 Kailua Kona, HI ·Hawaiian Telcom	said by Mele20 : I have disabled RPC in the registry so the port is closed for me no matter what RR does. Huh why did you do that ? As far as I understand this virus doesn't effect Windows 9x- Only NT/2000/XP -- Forum Posts: 1000
	to forum · permalink · · 2003-08-23 01:45:36 ·
Mele20 Premium join:2001-06-05 Hilo, HI	I test about once a month at GRC, DSLR, PC Flank, Hackerwhacker, etc. to make sure all my ports are closed because I haven't used a firewall in over a year. They have always tested closed at all test sites until suddenly about three weeks ago (before Blaster) I tested at GRC and port 135 was open! I confirmed this at the other test sites. I don't how or why it became open. Even after RR closed it, it was open outbound which is strange because when I called National Help Desk a few days ago with modem trouble the technician read me the memo that was sent to them and the memo said that these ports were being blocked both in and outbound by RR and yet according to Port Explorer (which I downloaded the trial) port 135 was open outbound and I could see that it would go from the listening state to "established" every so often briefly. I could not determine what was using the port as it was so brief when it was in the established state and Port Explorer has some things crippled in the trial version. I asked in this forum, Microsoft Help and Security about this and the best advice I got was to disable RPC in the registry which is what Microsoft advises if you don't need DCOM. I thought whatever was holding the port open would complain after I disabled RPC and then I would know what was using that port...but nothing has complained...so the whole thing remains a mystery. As soon as I killed the process (this was before RR closed port 135) using either Port Explorer or Trojan Hunter (which I also downloaded the trial in case I had acquired a Trojan that opened port 135), the port would test closed at GRC, etc. but outbound 135 remained open in Port Explorer. It remained open outbound also after RR closed the port so I finally killed RPC for good in the registry. (Well, not necessarily for good as it is easy to change the values back to yes). BTW, did you see my thread »Modem power level?? Does it seem odd to you? Do you know if Oceanic has been doing anything that would suddenly cause this much change (for the better...but still...I think it more likely that the modem is not reporting properly and it trips off line frequently now). -- "Everything can be taken from a man or woman but one thing: the last of the human freedoms - to choose one's attitude in any given set of circumstances, to choose one's destiny." Victor Frankl - Man's Search for Meaning [text was edited by author 2003-08-23 05:04:29]
	to forum · permalink · · 2003-08-23 04:59:30 ·
Kip patterson Premium join:2000-10-23 Columbus, OH	reply to Mele20 I think it is still closed. Testing reports it as stealth. Packet sniffing shows a lot of pings from machines not on RR that are NOT followed by port 135 probes. I do see port 135 probes from machines on RR. I'm in Columbus, OH
	to forum · permalink · · 2003-08-23 09:24:24 ·
Konaguy Live From Kailua-Kona, Hawaii Premium join:2000-10-21 Kailua Kona, HI	reply to Mele20 I tested my computer at GRC and port 135 is stealthed. (But I have a D-Link router) -- Forum Posts: 1000
	to forum · permalink · · 2003-08-23 17:15:15 ·
pharcide join:2002-07-30 Houston, TX	reply to BangBang in houston at least we had to remove the port filtering because our UBR's are over 90% utilization -- I came here to chew bubblegum and kick ass... I'm all out of bubble gum!
	to forum · permalink · · 2003-08-23 17:42:49 ·


Friday, 04-Dec 19:39:27	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. republican-creole page compression OFF