|
Al, do you have success with that rpc port
limitation? With win2k, it did not work as advertised as I recall… From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick 1025/tcp is in the range of ephemeral ports. If it were some versions
of BSD, that would be 1025-4999 but for Windows is pretty much 1025-65535 (TCP
in this case). RPC endpoints are typically negotiated and pick from the ephemeral
ports that Windows has available (above 1024 or implicitly 1025-65535 with some
exceptions). If you disable that port on a standalone machine, especially a DC you
can easily break it's normal function or at least whatever is based on RPC
connectivity. You *could* lock down the ports that the RPC endpoint mapper
hands out however, which would allow you to use some other port and thereby
disable that port if you really wanted to for some reason. The end result is
that when asked, your server would always hand out the same port number to
communicate vs. picking one at random. Was there a particularly interesting reason you want to disable that
access? From outside your network you certainly do, but any particular reason
why you would on the machine?
On 3/9/06, Ravi
Dogra <[EMAIL PROTECTED]>
wrote: Hi, |
- RE: [ActiveDir] 1025/tcp open NFS-or-IIS Marcus.Oh
- Re: [ActiveDir] 1025/tcp open NFS-or-IIS Umer Y
- Re: [ActiveDir] 1025/tcp open NFS-or-IIS Al Mulnick
- RE: [ActiveDir] 1025/tcp open NFS-or-IIS Marcus.Oh
- Re: [ActiveDir] 1025/tcp open NFS-or-IIS Al Mulnick
- Re: [ActiveDir] 1025/tcp open NFS-or-IIS Ravi Dogra
- Re: [ActiveDir] 1025/tcp open NFS-or-IIS Al Mulnick
