Bugtraq mailing list archives

Re: Leveraging search engines against FrontPage enabled websites
From: mikenel () WAM UMD EDU (Michael Nelson)
Date: Tue, 28 Apr 1998 15:49:33 -0400

On Tue, 28 Apr 1998, David LeBlanc wrote:
> 2) MMC and a number of the newer admin tools for various NT-ish sorts of
> things use DCOM, which runs across 135 UDP, and does NOT depend on 139
> being accessible to function.  Also note that DCOM does NOT depend on the
> right to log on from the network.  It is definitely a smart thing to put
> filters in front of the NT box which keep it from accepting packets to 135
> (UDP and TCP).  Some of the DCOM utilities have overly broad permissions to
> access the thing, but appear to be fairly reasonable about letting you
> actually change important items.

DCOM runs across either TCP or UDP. If Win95 is on one end, TCP is always
used. Port 135 is used to bootstrap connections, do activation, and some
other administrative cruft; application communication takes place over a
port in the >1024 range.

See http://www.wam.umd.edu/~mikenel/dcom/dcomfw.htm for the gory details
on this and how you can restrict the range (and force TCP to always be
used on NT). I have a bunch of new things that I need to add to it, and I
will make an announcement here when I do if people are interested.
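
The filtering advice in this thread, written as a rule-set check. This is an added example, not part of either poster's message or of the linked paper. The first-match rule model, the rule sets and the 5000-5020 port range are constructed for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    action: str  # "allow" or "deny"
    proto: str   # "tcp", "udp" or "any"
    lo: int      # first destination port covered
    hi: int      # last destination port covered

def decide(rules, proto, port, default="allow"):
    """First matching rule wins; `default` applies when nothing matches."""
    for r in rules:
        if r.proto in (proto, "any") and r.lo <= port <= r.hi:
            return r.action
    return default

def audit(rules, dcom_range=None, default="allow"):
    """List problems with inbound filtering in front of a DCOM host.

    dcom_range=None: DCOM must not be reachable through the filter.
    dcom_range=(lo, hi): DCOM is let through over TCP only, with the
    host's dynamic ports restricted to lo..hi (hypothetical values).
    """
    findings = []
    for proto in ("tcp", "udp"):
        reachable = decide(rules, proto, 135, default) == "allow"
        needed = dcom_range is not None and proto == "tcp"
        if reachable and not needed:
            findings.append(f"135/{proto} reachable")
        elif needed and not reachable:
            findings.append("135/tcp blocked, activation cannot bootstrap")
    if dcom_range is not None:
        lo, hi = dcom_range
        blocked = [p for p in range(lo, hi + 1)
                   if decide(rules, "tcp", p, default) != "allow"]
        outside = [p for p in range(1025, 65536) if not lo <= p <= hi
                   and decide(rules, "tcp", p, default) == "allow"]
        if blocked:
            findings.append(f"{len(blocked)} tcp ports in the DCOM range blocked")
        if outside:
            findings.append(f"{len(outside)} tcp ports above 1024 open outside the DCOM range")
    return findings

# Constructed rule sets, not taken from the thread.
ONLY_139 = [Rule("deny", "any", 139, 139)]
BLOCK_135 = ONLY_139 + [Rule("deny", "any", 135, 135)]
DCOM_TCP = [Rule("allow", "tcp", 135, 135), Rule("allow", "tcp", 5000, 5020),
            Rule("deny", "any", 0, 65535)]

if __name__ == "__main__":
    for name, rules, rng in (("only 139", ONLY_139, None), ("block 135", BLOCK_135, None),
                             ("dcom over tcp", DCOM_TCP, (5000, 5020))):
        print(name, audit(rules, rng) or "ok")
```
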

