|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Date: Tue, 28 Apr 1998 15:49:33 -0400 Reply-To: Michael Nelson <mikenel@WAM.UMD.EDU> From: Michael Nelson <mikenel@WAM.UMD.EDU> X-To: David LeBlanc <dleblanc@MINDSPRING.COM> To: BUGTRAQ@NETSPACE.ORG In-Reply-To: <3.0.3.32.19980428091545.00ae5b70@mindspring.com> On Tue, 28 Apr 1998, David LeBlanc wrote: > 2) MMC and a number of the newer admin tools for various NT-ish sorts of > things use DCOM, which runs across 135 UDP, and does NOT depend on 139 > being accessible to function. Also note that DCOM does NOT depend on the > right to log on from the network. It is definately a smart thing to put > filters in front of the NT box which keep it from accepting packets to 135 > (UDP and TCP). Some of the DCOM utilities have overly broad permissions to > access the thing, but appear to be fairly reasonable about letting you > actually change important items. DCOM runs across either TCP or UDP. If Win95 is on one end, TCP is always used. Port 135 is used to bootstrap connections, do activation, and some other administrative cruft; application communication takes place over a port in the >1024 range. See http://www.wam.umd.edu/~mikenel/dcom/dcomfw.htm for the gory details on this and how you can restrict the range (and force TCP to always be used on NT). I have a bunch of new things that I need to add to it, and I will make an announcement here when I do if people are interested. -mike
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |