TCP port 135 is the MSRPC endpoint mapper. You can bind to that port on a remote computer, anonymously, and either enumerate all the services (endpoints) available on that computer, or you can request what port a specific service is running on if you know what you're looking for. Let me show you an example of querying the RPC Enpoint Mapper:

By sending a Lookup request to the portmapper TCP 135 it was possible to enumerate the Distributed Computing Environment services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. So now I have the following questions:

The RPC Endpoint Mapper (port 135) is definitely not required by RDP, and it is perfectly reasonable (and suggested) to block it on a firewall so non local hosts cannot attempt to enumerate and exploit services. I only say this with certainty because I have many hosts configured like this, and actually just tested it to make sure I wasn't crazy ;-)

One thing that puzzles me is Port 135. In Windows Firewall there is an inbound rule "Windows Management Instrumentation (DCOM-In)" with these settings: Profile:All, Enabled:Yes, Action:Allow, LocalAddress:Any, RemoteAddress:Any

2019年6月21日 · What I cannot find clear info on is, is safe to allow a domain-level exception for RPC (port 135) for my whole network? My main fear is that, if someone were to get into our private network, would this grant them an easier traversal than if this exception weren't in place?

TCP port 135 (epmap service): FILTERED portqry.exe -n 10.6.8.35 -e 135 -p TCP exits with return code 0x00000002. TCP port 445 (microsoft-ds service): FILTERED portqry.exe -n 10.6.8.35 -e 445 -p TCP exits with return code 0x00000002. Wireshark also shows that DC1 receives packets, but does not reply back to DC2, so DC2 retransmits. Other ports ...

2017年11月12日 · For a classic VM, you need create an endpoint for port 135. Please refer to this link. Update: According to long chatting, it seems Azure NSG and firewall configuration is all right. Your ISP and company firewall also could block port 135, you have a choice. Creating a point-to-site VPN. Access your server with private IP(not public).

2014年5月1日 · UDP Port 88 for Kerberos authentication. UDP and TCP Port 135 for domain controllers-to-domain controller and client to domain controller operations. TCP Port 139 and UDP 138 for File Replication Service between domain controllers. TCP and UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.

Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries. An attacker may use this fact to gain more knowledge about the remote host. Other than a typical banner grab/service enumeration with nmap like: nmap -sV -sT <ip>

135-139 are the ports used for SMB (mostly, sometimes 445) and Windows RPC. 1434 UDP would only be necessary if you are using the SQL Browser to connect to the instance, say in the case of a named instance (SERVERNAME\INSTANCE) but if you are using (SERVERNAME or SERVERNAME,PORT) and the instance is for sure running on 1433 then no additional ...