On Mon, 2003-08-04 at 09:22, Mike Vanecek wrote: > I am starting to see more packets to port 135 in my log (default reject). They > seem to be from all over. The definition of the port is: > > # Mike Berrow <---none---> > epmap 135/tcp DCE endpoint resolution > epmap 135/udp DCE endpoint resolution > > Would someone please tell me the significance of epmap and whether I should > have it enabled?
If you don't know that you need it, and everything is working, YOU DON'T NEED IT. I always tell my clients, "don't be worried about what you CAN see... be worried about what you CANNOT see". In your case, you should definitely be blocking 135 at your external interface, and likely, at your internal interface (don't want netbeui broadcasts being sent outbound). Port 135 is part of the SMB suite of protocols (135/137/138/139/445) that are used for Windows networking. Even if you ARE using SMB shares inside your LAN, you shouldn't be allowing them to pass through your firewall. In my case, I have a distinct rule to drop them and NOT log (too much noise). http://www.iss.net/security_center/advice/Exploits/Ports/135/default.htm -- Jason Dixon, RHCE DixonGroup Consulting http://www.dixongroup.net -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
