Cisco Security Agent unable to close tcp/135 port on Windows hosts

Sergey Tregubov
Level 1

Hello

I've encountered a problem: Cisco Security Agent is unable to close port TCP/135 on Windows PCs (XP or Win7).

I've configured a rule module, Network Access Control, to prevent all client/server connections to port tcp/135.

I've checked my policy using nmap: for about 20 minutes this port (TCP/135) shows as filtered and I can see the log in the event monitor on CSA MC; during the next 20 minutes it shows as open and no log is shown. (The times are not exact, so it may be 30 minutes or 5; it varies.)

Can anyone explain how TCP/135 works, and is it possible to close it using CSA?

Thanks in advance

Accepted Solutions

mwinnett
Level 3

There is another question for the same issue on the forums (see: CSA 6.0.2.145 problem with windows 7 firewall). I wrote:

"I went ahead and tested this in the lab with winXP and CSA 602-149 (latest). I defined a rule with DENY tcp/135 and ran the nmap and it reports opened (wireshark shows syn-ack to the syn). I changed it to a PRIORITY DENY and now the nmap reports closed (wireshark shows reset to the syn). Via the cli, netstat -an shows the pc listening on tcp/135 & disabling CSA the syn gets the syn-ack response. To me this implies a couple of defects. 1: The DENY should block syn to tcp135 & 2: CSA should not send reset (it should be reset). Is it possible to open a TAC case and put my name (mwinnett) in it and I will open a defect."

Matthew
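
An added example, not code from either poster: a small Python watcher, run from a second machine, that timestamps each change in the state of tcp/135 so the flips described in the question can be lined up against the CSA MC event log. It uses a plain connect() and the same state names the thread quotes from nmap (SYN-ACK = open, RST = closed, no answer = filtered); the script name, the sample data and the 30-second default interval are assumptions.

```python
import socket
import sys
import time

def probe(host, port, timeout=3.0):
    """One TCP connect attempt, reported with the state names nmap uses."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # SYN answered with SYN-ACK
    except ConnectionRefusedError:
        return "closed"      # SYN answered with RST
    except OSError:
        return "filtered"    # timeout or ICMP unreachable: the SYN was dropped
    finally:
        s.close()

def transitions(samples):
    """Collapse (unix_time, state) samples into state changes.

    Returns (time_of_change, old_state, new_state, seconds_in_old_state).
    """
    changes = []
    if not samples:
        return changes
    since, state = samples[0]
    for ts, new in samples[1:]:
        if new != state:
            changes.append((ts, state, new, ts - since))
            since, state = ts, new
    return changes

# Constructed samples (seconds from start), shaped like the behaviour in the
# question: about 20 minutes filtered, then about 20 minutes open.
CONSTRUCTED_SAMPLES = [(0, "filtered"), (600, "filtered"), (1200, "open"),
                       (1800, "open"), (2400, "filtered")]

if __name__ == "__main__":
    # Usage (hypothetical script name): python portwatch.py <host> [interval_seconds]
    host = sys.argv[1]
    interval = float(sys.argv[2]) if len(sys.argv) > 2 else 30.0
    samples = []
    while True:
        samples.append((time.time(), probe(host, 135)))
        for ts, old, new, _ in transitions(samples[-2:]):
            print(f"{time.ctime(ts)}  tcp/135 {old} -> {new}")
        time.sleep(interval)
```
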
