why would someone connect to my port 135?
Results 1 to 9 of 9

Thread: why would someone connect to my port 135?

  1. #1
    Junior Member
    Join Date
    Sep 2003
    Posts
    12

    Question why would someone connect to my port 135?

    I have a LAN internet connection.since i have installed the firewall, Kerio. I see that other comp. on my LAn are trying to connect to me. e.g Kerio pops up
    --------------------------------------------------------------------
    Someone from 172.19.112.20, port 4694 wants to connect to port 135 owned by 'Generic Host Process for Win32 Services' on your computer
    -------------------------------------------------------------------------------------------
    Why is someone trying to connect to my port 135? although i see that my port 135 svchost is in listening state, but what is this for? and how can i find out which service is this, as svchost is just hosting a service, right? Please demystify.. Thanks

  2. #2
    Banned
    Join Date
    Jul 2002
    Posts
    877
    Not really "someone" its sounds more like RPC/dcom worms...

  3. #3
    Senior Member n01100110's Avatar
    Join Date
    Jan 2002
    Posts
    352
    Well it could be anything really. I mean it could be some script kiddie scanning the internet for a vulnerable host and your system was one of them.. He could be looking for a specific vulnerability in svchost.. Could be anything but i wouldn't worry about it..
    "Serenity is not the absence of conflict, but the ability to cope with it."

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    It is likely that it is a worm. Do not assume that the user of the machine with that IP address was personally responsible for the attack; most likely they knew nothing about it and have no idea there is a worm on their machine.

    Slarty

  5. #5
    Member
    Join Date
    Oct 2003
    Posts
    62
    if running win 2k or xp. type in dcomcnfg in start/run. click on component services then computers. default properties, right click on the my computer icon that appears when you click on computers tab. right click on the tab and choose properties. click on the default properties tab. untick the enable ditributed COM on this computer. The port will then be listening. yet no response will come from port. you can also disable this in your services tab in control panel, administrative tools, services. stop then disable rpc locator services. enjoy your day further.......
    HO$H Pagamisa. Pro Amour Ludi....

  6. #6
    Senior Member
    Join Date
    Oct 2003
    Posts
    107
    short... yet highly informative.... good work

  7. #7
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I see that other comp. on my LAn are trying to connect to me. e.g Kerio pops up
    --------------------------------------------------------------------
    Someone from 172.19.112.20, port 4694 wants to connect to port 135 owned by 'Generic Host Process for Win32 Services' on your computer
    -------------------------------------------------------------------------------------------
    Since you say it's another comp on your lan, this comp might have a virus, so you may want check it out.

  8. #8
    Senior Member
    Join Date
    Aug 2003
    Posts
    185
    don't worry, Kerio is a very good choice.
    if interested you can enable Kerio to log specific events on the firewall.
    to do so, open the Kerio-Admin and make a rule for port 135.
    there you can set what should happen when someone tries ya port 135.
    >>deny,log,pop up a window,log the packets....

    btw: for all the zonealarm-users: try kerio.

    greetz,
    stanger
    Industry Kills Music.

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    472
    well coming out of all assumptions...some1 might be just trying to access the shares on your PC..since its a LAN...peep might be using tools like lanscan to scan for who has shared what...and in this process ur firewall pops up to say some1 trying to connect to ur PC. But i dont overrule...n/w aware viruses n worms or the DCOM completely....so along with the firewall keep a gud AV also with u
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •