* *Hobbit* <[EMAIL PROTECTED]> [10/09/03 - 13:31]: > Once again, I wouldn't mind a way to turn off *ALL* the RPC stuff, > including the RPC service itself, without paying the price of having > almost everything I do afterward just sit there and stupidly wait for it > to respond. A box with it disabled *will* run, just barely, it'll just > be sluggish as hell.
It is not really possible to disable the rpcss service (a.k.a _Remote Procedure Call (RPC)), probably because a Windows NT system heavily uses Local Procedure Calls (ncalrpc transport), which happen to be handled by the rpcss service. To close port 135 (tcp and udp), used among other things by the MSRPC endoint mapper, you have to minimize Windows services, i.e stop all services that register RPC services. > Or at the very least a way to run it so it doesn't listen on a socket > bound to *. How 'bout localhost-only, or the equivalent of unix-domain > pipes, or *something* to keep it insulated from the network?? It is possible to bind RPC services to a specific network interface, for example the loopback interface (127.0.0.1). This technique works on Windows 2000 but not for all RPC services (however, it works for port 135). For more information, see the _RPC Services_ of our _Minimizing Windows network services_ paper: http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html > How 'bout the same for SMB/tcp 445? Port 445 is opened by the NetBT driver (thus in kernel-mode) and is always bound to 0.0.0.0 because it was designed as a global device: http://www.hsc.fr/ressources/presentations/sambaxp2003/slide4.html If you don't need SMB/CIFS at all, the easiest way to close port 445 (tcp and udp) is to disable the NetBT driver. You can also set the SmbDeviceEnabled registry value to 0. This is also described in our minimization paper (_CIFS over TCP_ section). PS: thanks for netcat and your _CIFS: Common Insecurities Fail Scrutiny_ paper! Jean-Baptiste Marchand -- [EMAIL PROTECTED] HSC - http://www.hsc.fr/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
