[60150] in North American Network Operators' Group
Re: Blocking port 135?
daemon@ATHENA.MIT.EDU (Crist Clark)
Fri Aug 1 16:12:43 2003
Date: Fri, 01 Aug 2003 13:12:07 -0700
From: "Crist Clark" <crist.clark@globalstar.com>
Reply-To: Crist.Clark@globalstar.com
To: Bob German <bobgerman@irides.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Bob German wrote:
>
> Absolutely. All of the NetBIOS ports: 135, 137, 138, 139, 445.
Although the public exploits floating around (at the moment) attack
135/tcp, 135/udp is also vulnerable...
And for this crowd, I should point out that blocking 135/udp blocks
DCE-RPC which is used rather heavily by HP OpenView by default.
You may hear some shrieks of pain should you chose to block 135/udp.
Oh, and according to the guys who broke the story in the first place,
http://www.securityfocus.com/archive/1/329918
Port 593/tcp is also potentially problematic.
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
> Adi Linden
> Sent: Friday, August 01, 2003 2:37 PM
> To: nanog@merit.edu
> Subject: Blocking port 135?
>
> http://www.cert.org/advisories/CA-2003-19.html
>
> Would blocking port 135 at the network edge be a prudent preventative
> measure?
--
Crist J. Clark crist.clark@globalstar.com
Globalstar Communications (408) 933-4387
The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this e-mail in error, please contact postmaster@globalstar.com
