Firewall Help needed

We have ISA 2004 on W2k3, and I need to block port 135. I have created an access rule to block protocols RPC and RPC server from all networks to all networks. The rule is at the top of the list.

However, when I do a netstat, it shows port 135 still listening. Could the port still be 'closed' when it shows listening? I looked at the services to see if maybe i had to stop the services too, but for RPC, all options are greyed out (only for this service, logged in as domain admin). Im totally confused here.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

tiersten

The firewall ACL doesn't prevent the service from listening. It just prevents somebody from connecting to that port.

chrisone

A good firewall should have logs and in your logs would be displayed the deny statements. You should be able to see if that port is being blocked from the networks you have specified to be blocked.

L0gicB0mb508

tiersten wrote: »

The firewall ACL doesn't prevent the service from listening. It just prevents somebody from connecting to that port.

+1 on this