I set up a dummy computer to find vulnerabilities in so I can learn how to understand half the stuff that posted on this site- When I was looking at it, I found ports 139 and 135 open. I know 139 is shared stuff, and I know how to disable that. I searched around about 135, and found the name epmap a lot. It looks like epmap is bad, and everyone is in a big hurry to disable it, but I've never heard of it nor do I know how to disable it myself. If someone could just give me a quick summary, link or a couple keywords to google that would be great.
In short, I dont really need information about exploiting it, I just want to know whats so bad about 135 and what epmap is.
Port 135 is essential to the functionality of Active Directory and Microsoft Exchange mail servers, among other things.
epmap stands for End Point Mapper, and represents that your computer has established a listening port for another process.
Some of this is benign. See the following to determine who and what is using the RPC service: http://petri.co.il/quickly_find_local_open_ports.htm
1. Make sure you have a firewall. The native XP ICF firewall is sufficient.
2. Make sure you have all the latest MS security patches installed. Visit the MS Windows Update site to check your system.
Found on some sizites. :)
somehow your link broke- I was able to get there though, here it is
End Point Mapping allows a remote computer to interact with or control local apps/process. on your network this can be a good thing on the internet not so good.
If someone is controlling apps on your computer, would you see something in your processes? What program does the interaction?
thats much too broad a question and would require a complete explanation of rpc (remote procedure call ) and wmi, windows management interface or is it implementation...i forget what it stands for but it pretty much can do anything you want it to with scripts or programs written for this purpose. this port along with 445 is home for the RPC/dcom exploit