My firewall keeps reporting intrusion attempts described as "DCE endpoint resolution." What's going

Puneet Mehta, SDG

My firewall keeps reporting intrusion attempts described as "DCE endpoint resolution." What's going on? The intrusion even seems to be coming from my own ISP on TCP port 135!

Port 135 is registered as "epmap - DCE endpoint resolution" and can be enumerated by connecting on port 135 and doing the appropriate queries. Mostly used by Microsoft for RPC locator service, it can be used to lookup what ports other services are running on Distributed Computing Environment (DCE) services on the remote host. An attacker may use this fact to gain more knowledge about the remote host. Trojans are a common example that exploits this vulnerability.

The solution: filter incoming traffic to this port. If possible, this port should NOT be opened except in certain circumstances where you are protected by another firewall (e.g. in a corporate DMZ situation).

This was last published in January 2005

Dig Deeper on Network Security Monitoring and Analysis

All
News
Get Started
Evaluate
Manage
Problem Solve

Related Q&A from Puneet Mehta

Where can I find Puneet Mehta's most recent network security advice?

To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: https://... Continue Reading

How do VPN concentrators and network access servers (NAS) differ?

Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ... Continue Reading

What keeps unauthorized users from accessing my IP address/Internet?

Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Networking experts

View all Networking questions and answers

SearchUnifiedCommunications

How IT can help prevent UC tool communication overload

The use of too many communication tools can create communication overload for employees. To help, IT may be able to take ...

CPaaS trends reflect expanded vendor offerings

CPaaS trends, like high-level APIs, are helping providers expand their portfolios and strengthen offerings for organizations that...

Cisco enhances Webex Teams meetings, expands PBX support

Cisco has brought the full feature set of Webex Meetings into Webex Teams. The vendor is also releasing new collaboration devices...

SearchMobileComputing

Deploy kiosk devices with the Managed Home Screen Android app

The Managed Home Screen app allows Microsoft Intune admins to deploy multi-app kiosk devices. IT should learn the two best ...

New Outlook features appeal to users on the go

At Ignite, Microsoft announced some improvements to its Office app and Outlook for iOS and Android. Learn about how it benefits ...

Smartphone market trends elicit longer refresh cycles

Organization must follow the smartphone market trends to inform their purchase decisions. Mobile admins should tailor purchase ...

SearchDataCenter

Microsoft quantum development turns toward hardware

Microsoft revealed plans to jump into the quantum hardware business with a chip capable of running quantum software.

Top 5 options for Linux certifications

Are you ready to expand your Linux knowledge? Here's a look at the latest courses, training content and exams available from ...

New hardware, use cases shape server benchmarking needs

Advancements in server hardware help admins address the latest data-intensive use cases. But this brings questions about the ...

SearchITChannel

CPaaS market could boost partners with the right skills

Channel companies that want to become CPaaS partners should expect to encounter a new set of buyers, a rapidly changing ...

Cisco CX sees greater formalization at partner summit

The Cisco Partner Summit put the spotlight on the company's customer experience and Lifecycle Advisor efforts. Cisco also ...

Cybersecurity puts managed services industry at a crossroads

MSP software vendor ConnectWise's annual IT Nation Connect event revealed the pressures managed service providers are under to ...

Dig Deeper on Network Security Monitoring and Analysis

Related Q&A from Puneet Mehta

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.