Full Disclosure mailing list archives
Re: Why does a home computer user need DCOM?
From: Stephen Perciballi <stephen.perciballi () ca mci com>
Date: Thu, 11 Sep 2003 09:48:11 -0400 (EDT)
Of course it is possible to disable it. It really depends on what you're doing with the OS. I have an XP workstation that only has remote desktop running and everything is working fine.

________________________________________________________________
Stephen Perciballi                 phone: 1-416-216-5141
Internet Security Specialist       cell : 1-416-877-1808
MCI                                pager: sperciba-pager () ca mci com
www.mci.com/ca                     24/7 : 1-888-886-3865

On Thu, 11 Sep 2003, Jean-Baptiste Marchand wrote:

> * *Hobbit* <hobbit () avian org> [10/09/03 - 13:31]:
>
> > Once again, I wouldn't mind a way to turn off *ALL* the RPC stuff, including the RPC service itself, without paying the price of having almost everything I do afterward just sit there and stupidly wait for it to respond. A box with it disabled *will* run, just barely, it'll just be sluggish as hell.
>
> It is not really possible to disable the rpcss service (a.k.a. _Remote Procedure Call (RPC)_), probably because a Windows NT system heavily uses Local Procedure Calls (ncalrpc transport), which happen to be handled by the rpcss service.
>
> To close port 135 (tcp and udp), used among other things by the MSRPC endpoint mapper, you have to minimize Windows services, i.e. stop all services that register RPC services.
>
> > Or at the very least a way to run it so it doesn't listen on a socket bound to *. How 'bout localhost-only, or the equivalent of unix-domain pipes, or *something* to keep it insulated from the network??
>
> It is possible to bind RPC services to a specific network interface, for example the loopback interface (127.0.0.1). This technique works on Windows 2000 but not for all RPC services (however, it works for port 135).
>
> For more information, see the _RPC Services_ of our _Minimizing Windows network services_ paper:
>
> http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html
>
> > How 'bout the same for SMB/tcp 445?
>
> Port 445 is opened by the NetBT driver (thus in kernel-mode) and is always bound to 0.0.0.0 because it was designed as a global device:
>
> http://www.hsc.fr/ressources/presentations/sambaxp2003/slide4.html
>
> If you don't need SMB/CIFS at all, the easiest way to close port 445 (tcp and udp) is to disable the NetBT driver. You can also set the SmbDeviceEnabled registry value to 0. This is also described in our minimization paper (_CIFS over TCP_ section).
>
> PS: thanks for netcat and your _CIFS: Common Insecurities Fail Scrutiny_ paper!
>
> Jean-Baptiste Marchand
> --
> Jean-Baptiste.Marchand () hsc fr
> HSC - http://www.hsc.fr/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
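One way to verify the outcome of the changes discussed in this message (port 135 bound to loopback only, port 445 closed), as an added example that is not part of the original thread: it parses `netstat -an` output and reports how ports 135 and 445 are bound. The column layout is assumed to be the usual Windows one, and both sample outputs, the function names and the addresses in them are constructed for illustration.

```python
# Ports discussed in the thread: 135 (MSRPC endpoint mapper), 445 (CIFS over TCP).
WATCHED_PORTS = {135, 445}

# Constructed sample of `netstat -an` output on an unhardened host (not a real capture).
SAMPLE_DEFAULT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.168.1.20:445       ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    0.0.0.0:445            *:*
"""

# Constructed sample after minimization: 135 on loopback, 445 gone, RDP still up.
SAMPLE_MINIMIZED = """\
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:135          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
"""

def parse_listeners(netstat_text):
    """Yield (proto, address, port) for LISTENING TCP sockets and bound UDP sockets."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows have a state column; outbound connections to a remote 445 are not listeners.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        address, _, port = local.rpartition(":")
        if port.isdigit():
            yield proto, address, int(port)

def audit(netstat_text):
    """Return sorted (port, proto, address, status) tuples for the watched ports."""
    findings = []
    for proto, address, port in parse_listeners(netstat_text):
        if port in WATCHED_PORTS:
            local = address.startswith("127.") or address == "[::1]"
            findings.append((port, proto, address, "loopback-only" if local else "exposed"))
    return sorted(findings)

if __name__ == "__main__":
    for port, proto, address, status in audit(SAMPLE_DEFAULT):
        print(f"{proto}/{port} on {address}: {status}")
```

On a live host, pass the captured text of `netstat -an` to `audit()` in place of the constructed samples.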