Question : Exchange ports

Hi,

I've recently been working on an Exchange 2007 SP1 server running on Windows Server 2003 64-bit.
I had some problems with RPC over HTTPS.

I checked the firewall logs and noticed that each time I tried to open Outlook, my IP was blocked on the following TCP ports:

135 (RPC).
1030-1099 (RPC Random ports).

What is the risk of keeping these ports open externally?

Answer : Exchange ports

You asked about the risk involved with keeping port 135 open; here is a brief description: "You should close it immediately."


Microsoft's DCOM (Distributed, i.e. networked, COM) Service Control Manager (also known as the RPC Endpoint Mapper) uses this port in a manner similar to SUN's UNIX use of port 111. The SCM server running on the user's computer opens port 135 and listens for incoming requests from clients wishing to locate the ports where DCOM services can be found on that machine.

Port 135 is certainly not a port that needs to be, or should be, exposed to the Internet. Hacker tools such as "epdump" (Endpoint Dump) are able to immediately identify every DCOM-related server/service running on the user's hosting computer and match them up with known exploits against those services.

Any machines placed behind a NAT router (any typical residential or small business broadband IP-sharing router) will be inherently safe. And any good personal software firewall should also be able to easily block port 135 from external exposure. That's what you want.

In addition, many security-conscious ISPs are now blocking port 135 along with the notorious "NetBIOS Trio" of ports (137-139). So even without any of your own proactive security, you may find that port 135 has been blocked and stealthed on your behalf by your ISP.

Going Further:  Closing port 135

The widespread exposure and insecurity of this port has generated a great deal of concern among PC gurus. This has resulted in several approaches to shutting down the Windows DCOM server and firmly closing port 135 once and for all. Although applications may be "DCOM enabled" or "DCOM aware", very few, if any, are actually dependent upon the presence of its services. Consequently, it is usually possible (and generally desirable if you're comfortable doing such things) to shut down DCOM and close port 135 without any ill effects. (The fewer things running in a Windows system, the fewer things to suck up RAM and slow everything else down.)


For your other ports go to https://www.grc.com/port_1030.htm and it will tell you what the port is used for, what applications could use it, and what viruses attack that port.


Hope this helps!
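One way to confirm from outside the firewall that port 135 and the 1030-1099 range from the question are not reachable on a server you administer. This is an added example, not part of the original answer; the function names and the "open" / "closed" / "stealth" labels are this example's own, with "stealth" standing for the no-reply case the answer calls "stealthed".

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Ports from the question: RPC endpoint mapper plus the blocked 1030-1099 range.
RPC_PORTS = [135] + list(range(1030, 1100))


def probe(addr, port, timeout=2.0):
    """Classify one TCP port on addr as 'open', 'closed' or 'stealth'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((addr, port))
        return "open"        # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "closed"      # RST came back: reachable host, nothing listening
    except OSError:
        return "stealth"     # timeout or unreachable: filtered, or host is down
    finally:
        s.close()


def audit(host, ports=RPC_PORTS, timeout=2.0, workers=32):
    """Return {port: state}; raises socket.gaierror if host does not resolve."""
    ports = list(ports)
    addr = socket.gethostbyname(host)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe(addr, p, timeout), ports))
    return dict(zip(ports, states))


def exposed(results):
    """Sorted list of ports that accepted a connection."""
    return sorted(p for p, state in results.items() if state == "open")


if __name__ == "__main__":
    # Run from a machine outside the firewall; target defaults to localhost.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = audit(target)
    for state in ("open", "closed", "stealth"):
        hits = sorted(p for p, s in results.items() if s == state)
        print(f"{state:8} {len(hits):3} port(s) {hits[:10]}")
    sys.exit(1 if exposed(results) else 0)
```

The script exits non-zero if any of the checked ports accepts a connection, so it can be run on a schedule after firewall changes.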