Firewall Help needed
We have ISA 2004 on W2k3, and I need to block port 135. I have created an access rule to block protocols RPC and RPC server from all networks to all networks. The rule is at the top of the list.
However, when I do a netstat, it shows port 135 still listening. Could the port still be 'closed' when it shows listening? I looked at the services to see if maybe I had to stop the services too, but for RPC, all options are greyed out (only for this service, logged in as domain admin). I'm totally confused here.
Comments
-
tiersten Member Posts: 4,505
The firewall ACL doesn't prevent the service from listening. It just prevents somebody from connecting to that port.
-
chrisone Member Posts: 2,278
A good firewall should have logs and in your logs would be displayed the deny statements. You should be able to see if that port is being blocked from the networks you have specified to be blocked.
-
L0gicB0mb508 Member Posts: 538
"The firewall ACL doesn't prevent the service from listening. It just prevents somebody from connecting to that port."
+1 on this
I bring nothing useful to the table...