RPC and SMB security issue at public network

Discussion in 'Virus Information' started by å¶ç§‹, Jun 8, 2010.

  1. å¶ç§‹

    å¶ç§‹ Guest

    RPC's port is fixed to 135, there's no way to change it to 123
    SMB's port is fixed to 445, there's no way to change it to 13
    when RPC or SMB becomes dangerous, virus and hackers can easily take
    control over my computer

    the only way i have found to change RPC's port is that to edit the
    file rpcss.dll and RpcEpMap.dll (this file not included by windows xp)
    by changing hex code 310033003500 to 310032003300 in file rpcss.dll
    and RpcEpMap.dll

    SMB binds to all IP address
    SMB can't bind to a specific network interface, as NetBIOS over Tcpip
    does
    SMB can't bind to a specific IP address or a specific IP address
    region
    it's a security issue when one computer at public network
     
    å¶ç§‹, Jun 8, 2010
    #1
    1. Advertisements

  2. å¶ç§‹

    No Mo Guest

    Thanks for sharing that with us.

    : RPC's port is fixed to 135, there's no way to change it to 123
    : SMB's port is fixed to 445, there's no way to change it to 13
    : when RPC or SMB becomes dangerous, virus and hackers can easily take
    : control over my computer
    :
    : the only way i have found to change RPC's port is that to edit the
    : file rpcss.dll and RpcEpMap.dll (this file not included by windows xp)
    : by changing hex code 310033003500 to 310032003300 in file rpcss.dll
    : and RpcEpMap.dll
    :
    : SMB binds to all IP address
    : SMB can't bind to a specific network interface, as NetBIOS over Tcpip
    : does
    : SMB can't bind to a specific IP address or a specific IP address
    : region
    : it's a security issue when one computer at public network
     
    No Mo, Jun 8, 2010
    #2
    1. Advertisements

  3. From: "??" <>

    | RPC's port is fixed to 135, there's no way to change it to 123
    | SMB's port is fixed to 445, there's no way to change it to 13
    | when RPC or SMB becomes dangerous, virus and hackers can easily take
    | control over my computer

    | the only way i have found to change RPC's port is that to edit the
    | file rpcss.dll and RpcEpMap.dll (this file not included by windows xp)
    | by changing hex code 310033003500 to 310032003300 in file rpcss.dll
    | and RpcEpMap.dll

    | SMB binds to all IP address
    | SMB can't bind to a specific network interface, as NetBIOS over Tcpip
    | does
    | SMB can't bind to a specific IP address or a specific IP address
    | region
    | it's a security issue when one computer at public network

    It is ONLY an issue if there is a vulnerability AND the Windows FireWall is not enabled.
     
    David H. Lipman, Jun 8, 2010
    #3
  4. å¶ç§‹

    Virus Guy Guest

    Disable the IPC$ share by doing the following:

    ---------
    Remove IPC$ Share Remote Netbios Attack Vulnerability

    1. Open Regedit
    2. HKEY_LOCAL_MACHINE -> System -> CurrentControlSet -> Control ->
    Lsa -> restrictanonymous
    3. Change "Value Data" from 0 to 1
    4. This will disable remote logon to a null IPC$ share
    ---------
     
    Virus Guy, Jun 12, 2010
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.