Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to BangBang
Re: RPC exploits/scans
RR is not blocking port 135 here in Hawaii. That port is open on my W98SE box as of about a week ago. I have been closing it each time I boot using Trojan Hunter's Process Viewer to terminate RPCSS.exe. Since this all started yesterday, I have rebooted periodically and checked to see if the port is open before terminating RPCSS.exe. It is still open (after rebooting) as of about one-half hour ago so I know RR is not filtering it here.
--
"Everything can be taken from a man or woman but one thing: the last of the human freedoms - to choose one's attitude in any given set of circumstances, to choose one's destiny." Victor Frankl - Man's Search for Meaning |
|
Straphanger
Express is Back
Premium,Mod
join:2001-12-08
Jackson Heights, NY
clubs: | I thought this exploit did not apply to Win 9x systems. |
|
Kip patterson
Premium
join:2000-10-23
Columbus, OH
| reply to Mele20
I should have pointed out that the block was installed sometime late last night, between 10 pm and 4 am EDT. It would have to be blocked at the RDC, as there is no way to block it nationally at one place. I suppose it might be a local decision to do so. |
|
Bubba
GIT-R-DONE
Premium,MVM
join:2002-08-19
Around, Us
 ·Comcast
| reply to Straphanger
said by Straphanger  :
I thought this exploit did not apply to Win 9x systems.
According to MS....they may or may not be 
Microsoft Security Bulletin MS03-026
said by MS03-026:
Tested Versions:
Microsoft tested Windows Me, Windows NT 4.0, Windows NT 4.0 Terminal Services Edition, Windows 2000, Windows XP and Windows Server 2003, to assess whether they are affected by this vulnerability. Previous versions are no longer supported, and may or may not be affected by this vulnerability.
--
Hatred causes destruction....Love causes construction |
|
Straphanger
Express is Back
Premium,Mod
join:2001-12-08
Jackson Heights, NY
clubs: | Ah Microsoft loves to protect its consumers. |
|
Qumahlin
Never Enough Time
Premium,MVM
join:2001-10-05
united state
| reply to Mele20
said by Mele20 :
RR is not blocking port 135 here in Hawaii. That port is open on my W98SE box as of about a week ago. I have been closing it each time I boot using Trojan Hunter's Process Viewer to terminate RPCSS.exe. Since this all started yesterday, I have rebooted periodically and checked to see if the port is open before terminating RPCSS.exe. It is still open (after rebooting) as of about one-half hour ago so I know RR is not filtering it here.
Instead of terminating RPcss (you are still vuln even after terminating the process) If you know you don't need RPC then disable it from the administrative tools.
--
Forum Posts:3100 |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| Said by Qumahlin:
>Instead of terminating RPcss (you are still vuln even after terminating the process) If you know you don't need RPC then disable it from the administrative tools.
Why would I still be vulnerable after terminating RPCSS as that closes port 135 and I have no other ports open?
As far as I know, I don't need it. However, some application that I got recently must be using it, otherwise, why would port 135 suddenly have become open when it has always tested closed at GRC, PC Flank, HackerWhacker, etc.? I'm leery of changing the registry values until I can figure out how and why that port suddenly became open. I thought it was possibly the update for NOD32 which I just started using that was doing it, but I have been told no in the NOD32 official forum.
I can't disable from the OLE/COM Object Viewer because I get a strange error message when I try to access the Viewer. So, I would have to change the two values associated with this manually in the registry which I have been reluctant to do since I don't know what or why the port suddenly became open.
--
"Everything can be taken from a man or woman but one thing: the last of the human freedoms - to choose one's attitude in any given set of circumstances, to choose one's destiny." Victor Frankl - Man's Search for Meaning |
|
Bubba
GIT-R-DONE
Premium,MVM
join:2002-08-19
Around, Us
·Comcast
| said by mele20:
I'm leery of changing the registry values until I can figure out how and why that port suddenly became open. I thought it was possibly the update for NOD32 which I just started using that was doing it, but I have been told no in the NOD32 official forum.
You could consider downloading....Port Explorer ....made available as a 60 day evaluation.
BTW....Gavin Coe\DiamondCS Analyst is a member at BBR.... Gavin_TH
said by DiamondCS:
What is Port Explorer?
Port Explorer allows you to see all the open ports on your system and what programs own them (called Port to Process mapping). Along with this ability it also has many tools including a packet sniffer, bandwidth throttling and country detection to name just a few. Port Explorer has an intuitive GUI that allows you to quickly see all the network activity your computer is involved in, and thanks to its ease of use is allowing people everywhere to do advanced network activities.
--
Hatred causes destruction....Love causes construction |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| > You could consider downloading....Port Explorer ....made available as a 60 day evaluation.
Thank you Bubba. I did just that. Most interesting application! I didn't really learn anything though about why port 135 suddenly became open. Port Explorer simply reports that it is RPcss listening there which I already knew. That doesn't tell me why though it suddenly started listening on that port. What have I done to activate this? Port Explorer did confirm for me that port 1025 is also open because of RPcss. What exactly is port 1025 for? I see it is used to play a game called Blackjack. I suppose alot of things use this port? I can't use that part of the Port Explorer program....available only to registered users. Why doesn't GRC and PCFlank report 1025 as open also?
--
"Everything can be taken from a man or woman but one thing: the last of the human freedoms - to choose one's attitude in any given set of circumstances, to choose one's destiny." Victor Frankl - Man's Search for Meaning |
|
