Security Basics
RCP open! Yikes! What to do? Sep 18 2013 06:14PM
ToddAndMargo (ToddAndMargo zoho com) (1 replies)
Hi All,

How do I close MSRPC (remote proceedure call) ports
Om Windows 7? These a Remote Procediure Call (RPC),
which to me means ports and services for bad guys to
use. Open RPC scare me.

The is Kaspersky End Point Security 10.1.0.867
with its firewall activated on Windows 7, 64 bit.

This Windows macine a Virtual Machine (KVM) sitting on
the RHEL host's local network. nmap was run from the host:

Many thanks,
-T

# nmap --reason 192.168.255.112

Starting Nmap 6.25 ( http://nmap.org ) at 2013-09-16 19:42 PDT
Nmap scan report for KVM-W7.xxx.local (192.168.255.112)
Host is up, received arp-response (0.00044s latency).
Not shown: 989 closed ports
Reason: 989 resets

PORT STATE SERVICE REASON
135/tcp open msrpc syn-ack
139/tcp open netbios-ssn syn-ack
445/tcp open microsoft-ds syn-ack
1110/tcp filtered nfsd-status no-response
5357/tcp open wsdapi syn-ack
49152/tcp open unknown syn-ack
49153/tcp open unknown syn-ack
49154/tcp open unknown syn-ack
49155/tcp open unknown syn-ack
49156/tcp open unknown syn-ack
49157/tcp open unknown syn-ack

The high ports are msrps ports:

Reference:
http://serverfault.com/questions/526607/what-is-msrpc-needed-for-on-a-wi
ndows-7-workstation

Port Serv Process name
49152, msrpc [wininit.exe]
49153, msrpc [svchost.exe, Eventlog]
49154, msrpc [svchost.exe, Schedule]
49155, msrpc [lsass.exe]
49157, msrpc [services.exe]
49159, msrpc [svchost.exe, PolicyAgent]

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]
Re: RCP open! Yikes! What to do? Sep 19 2013 08:07AM
Ansgar Wiechers (bugtraq planetcobalt net)


 

Privacy Statement
Copyright 2010, SecurityFocus