Sign in with
Sign up | Sign in
Your question

Tiny Firewall Pro 6.0: How do I stealth RPC Port 135 ?

Last response: in Networking
Share
Anonymous
August 8, 2004 2:30:59 PM

Archived from groups: comp.security.firewalls (More info?)

XP Pro using Tiny Firewall Pro 6.0.

I have two machines using Internet Conection Sharing.

When I had just the one machine, it was completely stealthed, which was A
GOOD THING, but since installing ICS, I cannot even close this port,
nevermind stealth it.

Port 1025 is also open, but I think it is linked to 135 somehow, so if I can
close 135, 1025 should be made secure.

I have disabled DCOM in the registry, but this hasn't closed the ports.

As my computer is connected 24/7, I don't like the idea of having any open
ports that could be hacked.

Any ideas how I can close this port permanently.

TIA,

Stu.
Anonymous
August 8, 2004 10:31:32 PM

Archived from groups: comp.security.firewalls (More info?)

"Stuart Gibson" <no e-mail address> wrote in
news:1091957461.2327.0@nnrp-t71-03.news.uk.clara.net:

> XP Pro using Tiny Firewall Pro 6.0.
>
> I have two machines using Internet Conection Sharing.
>
> When I had just the one machine, it was completely stealthed, which
> was A GOOD THING, but since installing ICS, I cannot even close this
> port, nevermind stealth it.
>
> Port 1025 is also open, but I think it is linked to 135 somehow, so if
> I can close 135, 1025 should be made secure.
>
> I have disabled DCOM in the registry, but this hasn't closed the
> ports.
>
> As my computer is connected 24/7, I don't like the idea of having any
> open ports that could be hacked.
>
> Any ideas how I can close this port permanently.
>
> TIA,
>
> Stu.
>
>
>

I suggest you use a different testing site to see if the results change
as some sites are better than others.

And a stealthed port means nothing and is overrated. You want to be
stealthed, you should put the machines behind a NAT router that cost as
much as Tiny Pro.

http://blogzine.net/archives/000073.html

http://www.homenethelp.com/web/explain/about-NAT.asp

Duane :) 
Anonymous
August 9, 2004 1:38:33 AM

Archived from groups: comp.security.firewalls (More info?)

"Stuart Gibson" <no e-mail address> wrote in
news:1091998119.25174.0@sabbath.news.uk.clara.net:

> I managed to stealth port 135 by fiddling with the RPC settings. Now
> only port 1025 is open. I guess if I dig into it a bit more, I'll be
> able to block that too.
>
> I've been thinking of getting a router for a while now, as I am
> building up a home network. I only have 2 machines connected ATM, but
> have enough bits lying around to build a couple more.
>
> Can you recommend a good adsl modem/router/firewall/switch combo ?
>
> I don't want to add too many boxes to my already cluttered desk, as I
> am running out of space!
>
> Stu.
>

US Robotics is a manufacturer you maybe looking for in a router ADSL
solution.

http://www.usr-emea.com/products/p-broadband-product.as...
&loc=emea

Duane :) 
Related resources
Anonymous
August 9, 2004 2:04:44 AM

Archived from groups: comp.security.firewalls (More info?)

Jeff wrote:
> I had a similar question about port 113, the IDENT port. I couldn't find a
> way to stealth it. Then I came across a suggestion that I like. Just find
> a random IP that leads to nothing, and have the firewall redirect incoming
> traffic to the ports you want stealthed to that IP which isn't connected to
> anything. No one sending packets will have any idea where they went, so
> you're effectively stealthed.
>
Which is fine, but port 113 isn't often stealthed for a reason. That
being that some mail or news servers can time out waiting for a response
from the IDENT port. In my case, "unstealthing" that port had positive
results.
Anonymous
August 9, 2004 5:06:28 AM

Archived from groups: comp.security.firewalls (More info?)

> I have two machines using Internet Conection Sharing.
> When I had just the one machine, it was completely stealthed, which
> was A GOOD THING, but since installing ICS, I cannot even close this
> port, nevermind stealth it.
> Port 1025 is also open, but I think it is linked to 135 somehow, so
> if I can close 135, 1025 should be made secure.

Hi,
I had the same problem with zone alarm with ICS/NAT in High setting !
I finaly create a rule to block port 135 and 1025.
Since I don't know Tiny, can't you create a rule to close them in UDP & TCP
?
pascal
Anonymous
August 9, 2004 9:50:26 AM

Archived from groups: comp.security.firewalls (More info?)

The problem with tfp6 is there are a million preset default rules, and there
are so many different options, and the help file only refers to version 5,
so a lot of the new stuff is not even described, and its just so damn
complicated, so its all a bit of a nightmare to set up

I'm thinking of deleting all the existing preset rules and starting fresh.

Stu.

"FraPas" <no.mail.by.news@free.fr> wrote in message
news:4116b1f6$0$25583$636a15ce@news.free.fr...
> > I have two machines using Internet Conection Sharing.
> > When I had just the one machine, it was completely stealthed, which
> > was A GOOD THING, but since installing ICS, I cannot even close this
> > port, nevermind stealth it.
> > Port 1025 is also open, but I think it is linked to 135 somehow, so
> > if I can close 135, 1025 should be made secure.
>
> Hi,
> I had the same problem with zone alarm with ICS/NAT in High setting !
> I finaly create a rule to block port 135 and 1025.
> Since I don't know Tiny, can't you create a rule to close them in UDP &
TCP
> ?
> pascal
>
>
>
Anonymous
August 9, 2004 2:06:49 PM

Archived from groups: comp.security.firewalls (More info?)

> I'm thinking of deleting all the existing preset rules and starting fresh.

Hummm .....
Not a good idea,
Perhaps it's better to wait an answer to create a rule OR send an email to
support Tiny.
Is it so much complicated to create a rule in Tiny like in ZA ?
After 1:00, in ZA, I finish to understand how to create a rule to block
those port 135 & 1025.
To much complicated.
Hope you will have a rapid answer.
pascal
Anonymous
August 10, 2004 1:55:21 AM

Archived from groups: comp.security.firewalls (More info?)

And it wasn't so hard after all. I just wish I didn't have to figure
everything out for myself. Where's the version 6.0 manual or help file ??
Software like this shouldn't be released without comprehensive instructions,
especially for newbies (not that I consider myself one, mind you. I've been
using TPF since version 2.0, but since version 4.0 I've kinda just hit and
hoped, and that used to work fine on W98, not so on XP!!)

I created a filter under Network Security/Protocols & Ports.

Only thing is, it says 'Filter is Inactive' for every filter in the list,
when in fact they MUST be active, otherwise the filter I just created
wouldn't work!

I feel a bug report coming on....

Stu.

"FraPas" <no.mail.by.news@free.fr> wrote in message
news:41173099$0$4140$626a14ce@news.free.fr...
> > I'm thinking of deleting all the existing preset rules and starting
fresh.
>
> Hummm .....
> Not a good idea,
> Perhaps it's better to wait an answer to create a rule OR send an email to
> support Tiny.
> Is it so much complicated to create a rule in Tiny like in ZA ?
> After 1:00, in ZA, I finish to understand how to create a rule to block
> those port 135 & 1025.
> To much complicated.
> Hope you will have a rapid answer.
> pascal
>
>
>
!