Security Basics mailing list archives

RCP open! Yikes! What to do?

From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Wed, 18 Sep 2013 11:14:29 -0700

Hi All,

   How do I close MSRPC (remote proceedure call) ports
Om Windows 7?  These a Remote Procediure Call (RPC),
which to me means ports and services for bad guys to
use.  Open RPC scare me.

The is Kaspersky End Point Security 10.1.0.867
with its firewall activated on Windows 7, 64 bit.

This Windows macine a Virtual Machine (KVM) sitting on
the RHEL host's local network.  nmap was run from the host:

Many thanks,
-T



# nmap --reason  192.168.255.112

Starting Nmap 6.25 ( http://nmap.org ) at 2013-09-16 19:42 PDT
Nmap scan report for KVM-W7.xxx.local (192.168.255.112)
Host is up, received arp-response (0.00044s latency).
Not shown: 989 closed ports
Reason: 989 resets

PORT      STATE    SERVICE      REASON
135/tcp   open     msrpc        syn-ack
139/tcp   open     netbios-ssn  syn-ack
445/tcp   open     microsoft-ds syn-ack
1110/tcp  filtered nfsd-status  no-response
5357/tcp  open     wsdapi       syn-ack
49152/tcp open     unknown      syn-ack
49153/tcp open     unknown      syn-ack
49154/tcp open     unknown      syn-ack
49155/tcp open     unknown      syn-ack
49156/tcp open     unknown      syn-ack
49157/tcp open     unknown      syn-ack



The high ports are msrps ports:

Reference:http://serverfault.com/questions/526607/what-is-msrpc-needed-for-on-a-windows-7-workstation


Port   Serv  Process name
49152, msrpc [wininit.exe]
49153, msrpc [svchost.exe, Eventlog]
49154, msrpc [svchost.exe, Schedule]
49155, msrpc [lsass.exe]
49157, msrpc [services.exe]
49159, msrpc [svchost.exe, PolicyAgent]



--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

RCP open! Yikes! What to do? ToddAndMargo (Sep 18)
- Re: RCP open! Yikes! What to do? Ansgar Wiechers (Sep 19)
  - Message not available
    - Re: RCP open! Yikes! What to do? Ansgar Wiechers (Sep 19)