Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Block port 135 at switch - cannot login through Novell

Block port 135 at switch - cannot login through Novell 11 years 11 months ago #5627

  • apit
  • apit's Avatar
  • Offline
  • Senior Member
  • Posts: 227
  • Karma: 0
my client complain that all user facing with slow login using Novell client..their suspected network is infected with virus...their want me to block port 135 at switch to solve the problem..after doing that task, user cannot login thru Novell at all..why is this happen?
The administrator has disabled public write access.

Re: Block port 135 at switch - cannot login thru Novell 11 years 11 months ago #5634

  • FallenZer0
  • FallenZer0's Avatar
  • Offline
  • Senior Member
  • Posts: 259
  • Karma: 0
my client complain that all user facing with slow login using Novell client..their suspected network is infected with virus...their want me to block port 135 at switch to solve the problem..after doing that task, user cannot login thru Novell at all..why is this happen?

--What steps were taken if any, to clean the network of the virus? What virus is the network infected with?
Did you ask the person(s) why they thought blocking Port 135 would solve the slow Login process?
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
The administrator has disabled public write access.

Re: Block port 135 at switch - cannot login through Novell 11 years 11 months ago #5638

  • apit
  • apit's Avatar
  • Offline
  • Senior Member
  • Posts: 227
  • Karma: 0
mblast...sasser ..lov gates..and worm...
they said the virus attack from the port...
The administrator has disabled public write access.

Re: Block port 135 at switch - cannot login through Novell 11 years 11 months ago #5639

  • FallenZer0
  • FallenZer0's Avatar
  • Offline
  • Senior Member
  • Posts: 259
  • Karma: 0
mblast...sasser ..lov gates..and worm...
they said the virus attack from the port...

--As per Symantec's article on Sasser, the ports it uses are TCP 445, 5554, 9996, check the link for your references

securityresponse.symantec.com/avcenter/v...w32.sasser.worm.html

--As per Symantec's article on Lovgate, the ports it uses are TCP 10168, 1192, 20168, check the link for your references

securityresponse.symantec.com/avcenter/v...lw.lovgate.c@mm.html

--As per Symantec's article on MSBLAST, the ports it uses are TCP 135, TCP 4444, UDP 69, check the link for your references

www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

As you will see, Blaster is the one that exploits the DCOM RPC vulnerability using TCP port 135. The article says, it attempts to perform a DoS on MS Windows Update WebServer(windowsupdate.com). A buffer overrun vulnerability can also be exploited remotely via a DCOM RPC interface that listens on TCP/UDP port 135. This can result in execution of malicious instructions with Local System Privileges on an affected system.

As per what you have said, that your network is infected with these viruses, I would suggest to take proper steps for removal of these viruses on infected machines.

Do your Novell Client users provide user credentials to Domain Controller?

If they do, my educated guess is may be Active Directory needs Port 135 and by you blocking the Port 135, the users now are not able to Logon.

Please keep us posted on what steps have or are being taken.
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
The administrator has disabled public write access.

Re: Block port 135 at switch - cannot login through Novell 11 years 10 months ago #5649

  • apit
  • apit's Avatar
  • Offline
  • Senior Member
  • Posts: 227
  • Karma: 0
tq FallenZero...a very informative info..
i'm not sure about Novell coz other vendor take responsible about the system...on my side is only switches...in your opinion, is it switches that we must configure or just search the infected pc and remove it from network... :?:
The administrator has disabled public write access.

Re: Block port 135 at switch - cannot login through Novell 11 years 10 months ago #5652

  • FallenZer0
  • FallenZer0's Avatar
  • Offline
  • Senior Member
  • Posts: 259
  • Karma: 0
tq FallenZero...a very informative info..
i'm not sure about Novell coz other vendor take responsible about the system...on my side is only switches...in your opinion, is it switches that we must configure or just search the infected pc and remove it from network... :?:

--Identify the infected PC's, disconnect them from the network, and follow proper virus removal instructions. If you have a Firewall running, block Ports 135 and the NetBIOS Ports.
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
The administrator has disabled public write access.
Time to create page: 0.079 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup