security issues with port 135


Post by George Hoenninge » Sat, 25 Sep 1999 04:00:00



Can anybody please explain to me what security issues can arise if I open
port 135 (for TCP and UDP traffic) on my router (I currently block this and
most other ports) so I can connect to my exchange server from outside?

I need to figure out what my risk and exposure is.

I am using Exchange 5.5 SP2 on NT 4.0 SP3.

Thanks,

George Hoenninger

 
 
 


Post by Albert Brownin » Sat, 25 Sep 1999 04:00:00


If you bind the directory and information stores to specific ports then you
wouldn't need port 135.  Since ports are assigned dynamically, by default,
port 135 is needed (it's the port mapper).

> Can anybody please explain to me what security issues can arise if I open
> port 135 (for TCP and UDP traffic) on my router (I currently block this and
> most other ports) so I can connect to my exchange server from outside?

> I need to figure out what my risk and exposure is.

> I am using Exchange 5.5 SP2 on NT 4.0 SP3.

> Thanks,

> George Hoenninger


 
 
 


Post by George Hoenninge » Sat, 25 Sep 1999 04:00:00


Albert,

I am assigning the directory and information stores specific ports via
registry entries.

I have two big security concerns with this way:

1.  Can somebody take over my machine or cause any problems by going in
through port 135 (since it will be open on the router)?

2.  How can I protect my password?  When I connect to my Exchange server,
aren't I sending my username and password for authentication by the Exchange
server?  The UNIX sys admins at work say that NT encryption isn't very good
and they don't feel safe having that information so unprotected.

Thanks for the help.

George


>If you bind the directory and information stores to specific ports then you
>wouldn't need port 135.  Since ports are assigned dynamically, by default,
>port 135 is needed (it's the port mapper).


>> Can anybody please explain to me what security issues can arise if I open
>> port 135 (for TCP and UDP traffic) on my router (I currently block this and
>> most other ports) so I can connect to my exchange server from outside?

>> I need to figure out what my risk and exposure is.

>> I am using Exchange 5.5 SP2 on NT 4.0 SP3.

>> Thanks,

>> George Hoenninger

 
 
 


Post by Rich Matheise » Sun, 26 Sep 1999 04:00:00



>If you bind the directory and information stores to specific ports then you
>wouldn't need port 135.  Since ports are assigned dynamically, by default,
>port 135 is needed (it's the port mapper).

You still need port 135. The client has no way of knowing what port
the IS and DS operate on without the services of the RPC Locator.

------------------
Rich Matheisen
MCSE, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm

 
 
 


Post by Rich Matheise » Sun, 26 Sep 1999 04:00:00


[ snip ]

>1.  Can somebody take over my machine or cause any problems by going in
>through port 135 (since it will be open on the router)?

There is always the risk of attack when exposing an unprotected port
to the Internet. The primary risk with port 135 is from a DoS attack
(Denial of Service). Other risks are the use of your port 135 to
discover the OTHER ports that are operating on your system using other
"well known" services (WINS, DNS, etc) that use RPCs.

>2.  How can I protect my password?  When I connect to my Exchange server,
>aren't I sending my username and password for authentication by the Exchange
>server?  The UNIX sys admins at work say that NT encryption isn't very good
>and they don't feel safe having that information so unprotected.

You're never sending your password when you use RPC. You send a _hash_
of your password that is used to request authentication.

If you use NT and have no Win95 or Win98 clients you can use the NTCR
and disable the use of the weaker NTLM authentication. If you use NTLM
and passwords longer than 7 characters, but less than 14 characters,
you do offer an attacker a better opportunity to "crack" your
password. The solution is to use 7 or 14 character passwords. Better
yet, lose the insecure clients.

To reduce the risk further, enforce the use of strong passwords and
shorten the time before a password expires. How long? That depends on
the strength of the passwords and the importance of your data.

------------------
Rich Matheisen
MCSE, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
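
The port-mapper lookup discussed in the two replies above, as a toy model added here for illustration (it is not part of any post and sends no RPC traffic). The static ports 6001/6002, the 1024-5000 dynamic range and the class and function names are assumptions made for the example.

```python
import random

class RpcHost:
    """Toy NT host: each RPC service registers its TCP port with the mapper on 135."""
    def __init__(self, static_ports=None, seed=1):
        self.static_ports = static_ports or {}   # e.g. ports pinned by configuration
        self.rng = random.Random(seed)
        self.endpoints = {}                      # service name -> TCP port

    def start(self, service):
        # Pinned services keep their configured port; others get a dynamic one
        # (range assumed for the example).
        port = self.static_ports.get(service) or self.rng.randint(1024, 5000)
        self.endpoints[service] = port
        return port

def connect(host, service, router_allow):
    """Outside client: ask the mapper on 135 for the port, then connect to it."""
    if 135 not in router_allow:
        return "blocked at 135: client cannot learn the service port"
    port = host.endpoints[service]
    if port not in router_allow:
        return f"mapper answered {port}, but the router blocks it"
    return f"connected on {port}"

def visible_via_mapper(host, router_allow):
    """Registrations an outside host can learn once 135 is reachable."""
    return dict(host.endpoints) if 135 in router_allow else {}

def build_host(static_ports=None):
    host = RpcHost(static_ports)
    for svc in ("DS", "IS", "WINS"):             # constructed service list
        host.start(svc)
    return host

if __name__ == "__main__":
    pinned = build_host({"DS": 6001, "IS": 6002})
    dynamic = build_host()
    print(connect(pinned, "IS", {6001, 6002}))        # static ports open, 135 closed
    print(connect(dynamic, "IS", {135}))              # 135 open, dynamic port closed
    print(connect(pinned, "IS", {135, 6001, 6002}))   # works
    print(visible_via_mapper(pinned, {135, 6001, 6002}))  # also lists WINS
```

The last line shows the exposure side: once 135 is reachable, the mapper reports every registered service, not only the two that were meant to be published.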

 
 
 
