Firewall Help needed

brad- Member Posts: 1,218
We have ISA 2004 on W2k3, and I need to block port 135. I have created an access rule to block protocols RPC and RPC server from all networks to all networks. The rule is at the top of the list.

However, when I do a netstat, it shows port 135 still listening. Could the port still be 'closed' when it shows listening? I looked at the services to see if maybe I had to stop the services too, but for RPC, all options are greyed out (only for this service, logged in as domain admin). I'm totally confused here.

Comments

  • tiersten Member Posts: 4,505
    The firewall ACL doesn't prevent the service from listening. It just prevents somebody from connecting to that port.
  • chrisone Member Posts: 2,278
    A good firewall should have logs, and the deny statements would be displayed in your logs. You should be able to see if that port is being blocked from the networks you have specified to be blocked.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • L0gicB0mb508 Member Posts: 538
    tiersten wrote:
    The firewall ACL doesn't prevent the service from listening. It just prevents somebody from connecting to that port.

    +1 on this
    I bring nothing useful to the table...
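
The distinction made in the replies above (a port can be LISTENING on the server while the firewall rule stops connections to it), shown as an added example that is not part of the original thread. The netstat text and the address 192.0.2.10 are constructed placeholders, and the function names are hypothetical.

```python
import socket

# Constructed sample of `netstat -an` output from the firewall host (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:3389          10.0.0.20:51234        ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

def listening_tcp_ports(netstat_text):
    """Return the set of TCP ports in LISTENING state from `netstat -an` text."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            # Local address is host:port; take the part after the last colon.
            ports.add(int(fields[1].rsplit(":", 1)[1]))
    return ports

def probe(host, port, timeout=3.0):
    """Classify a TCP port as seen from the machine running this script.

    open     - handshake completed, so nothing on this path blocks the port
    closed   - connection refused: host reachable, nothing listening
    filtered - timeout or unreachable error, typical of a blocking firewall rule
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout
        return "filtered"
    finally:
        s.close()

if __name__ == "__main__":
    # What netstat on the server reports: the service is bound to the port.
    print("listening locally:", sorted(listening_tcp_ports(SAMPLE_NETSTAT)))
    # What a host on a network covered by the rule sees (placeholder address).
    print("135/tcp from here:", probe("192.0.2.10", 135))
```

Run the probe from a machine on one of the networks the access rule covers; a result of "filtered" there, alongside 135 still appearing in the server's own netstat, is the expected outcome when the rule works.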