Thread: RPC port 135 change

  1. #1
    Registered User

    RPC port 135 change

    Hi All

    I want to change my Windows Server 2003 RPC port 135 to any unused port. Kindly guide me with detailed steps for this. Our networking team refuses to open RPC 135 for DC communication. They fear RPC port vulnerability. I know that Microsoft already released the patch for this vulnerability.

    Regards
    Britto

  2. #2
    badass (Senior Member)
    Quote Originally Posted by bravobritto
    Hi All

    I want to change my Windows Server 2003 RPC port 135 to any unused port. Kindly guide me with detailed steps for this. Our networking team refuses to open RPC 135 for DC communication. They fear RPC port vulnerability. I know that Microsoft already released the patch for this vulnerability.

    Regards
    Britto
    RPC does not just use port 135. It uses 135 to initiate communication, and then communication will occur between any of the "high" ports. I don't think what you are after is possible (but wait to be proven wrong)

  3. #3
    Paul Adams (Ex-MSFT)
    Yup, TCP port 135 is the RPC listener port and is hard-coded.

    A client makes a connection with this standard port and then the server dynamically allocates a port in the range 1024-5000 to listen on for the actual RPC communication, valid for the life of the connection.

    The RPC port range can be changed as required, but for DCs don't make it too small as RPC is a key component for replication as well as client communication.

    Check out this KB, which describes using port restrictions and IPSec (in which case you can firewall port 135).
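
The port restriction described in post #3, as an added example that is not part of the original thread or of the KB it links to: a batch script for the domain controller that pins the RPC dynamic range through the `HKLM\SOFTWARE\Microsoft\Rpc\Internet` values. The range 5000-5100 is an assumed placeholder; TCP 135 stays fixed, so the firewall rule between DCs becomes 135 plus this range.

```bat
@echo off
rem Added example: restrict the RPC dynamic port range on a Windows Server 2003 DC.
rem Run as an administrator. RPCPORTS is an assumed value: agree on the real
rem range with the firewall team and keep it wide enough for replication load.
setlocal
set RPCKEY=HKLM\SOFTWARE\Microsoft\Rpc\Internet
set RPCPORTS=5000-5100

rem Show the current state first (the key does not exist by default).
reg query %RPCKEY% 2>nul || echo No RPC port restriction is configured yet.

rem Ports: the port range(s) RPC may hand out for dynamic endpoints.
reg add %RPCKEY% /v Ports /t REG_MULTI_SZ /d %RPCPORTS% /f || goto :fail

rem PortsInternetAvailable=Y: the ports listed above are the Internet-available set.
reg add %RPCKEY% /v PortsInternetAvailable /t REG_SZ /d Y /f || goto :fail

rem UseInternetPorts=Y: endpoints are allocated from that set by default.
reg add %RPCKEY% /v UseInternetPorts /t REG_SZ /d Y /f || goto :fail

rem Read the values back so the change can be recorded in the change ticket.
reg query %RPCKEY%
echo RPC dynamic ports restricted to %RPCPORTS%. Reboot for the change to take effect.
echo Firewall rule needed between DCs: TCP 135 plus TCP %RPCPORTS%.
exit /b 0

:fail
echo Failed to write %RPCKEY%. Check that you are running with administrative rights.
exit /b 1
```

After the reboot, `netstat -ano` on the DC should show RPC services listening only on 135 and inside the configured range.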

  4. #4
    Member
    Maybe if you can consider an alternative to RPC? What's the language you are using?

    Personally I would go SOA with webservices - all over port 80 or 443 but that may not be practical for you.

    They fear RPC port vulnerability
    It's the handler not the port that is vulnerable - it's just that malware will start initially with that port. A sophisticated port scanner will sus this.

    Are you able to lock down the port by IP Range or MAC perhaps?

    Good Luck
