135 is RPC if memory serves - you will certainly want to disable it. http://www.mail-archive.com/bugtraq@xxxxxxxxxxxxxxxxx/msg09495.html Ed Sullivan IT Director esullivan@xxxxxxx <mailto:esullivan@xxxxxxx> KMA Direct Communications Confidential and Proprietary -----Original Message----- From: Tom Mendelboim [mailto:tomerm1@xxxxxxx] Sent: Monday, March 03, 2003 10:25 AM To: [ISAserver.org Discussion List] Subject: [isalist] Open Ports??? http://www.ISAserver.org I randomly scan my ISA's outside IP's and recently I found some open ports that I don't remember seeing them before. There are no rules for them nor packet filters. The TCP ports are: 135 DCE endpoint resolution 1048 Sun's NEO Object Request Broker These ports are showing open only on the ISA. Any other device has these ports not avaiable. I'm using SuperScan for the scan utility. Anyone seen this before? How can I block them? Do I need them there? Thanks, Tom ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: esullivan@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')