PDA

View Full Version : what is epmap?



tombom
19 Nov 2001, 08:19
netstat reports the following:

my hostname:epmap my hostname:0 Listening

but outpost does not reference epmap.

I was just wondering what exactly it is?

Rich S
19 Nov 2001, 08:35
Microsoft DCE Locator service aka. end-point mapper. It works like Sun RPC portmapper, except that end-points can also be named pipes. Microsoft relies upon DCE RPC to remotely manage services. Some services that use port 135 of end-point mapping are:
DHCP server
DNS server
WINS server


HTH

WizzOzz
19 Nov 2001, 08:38
Please read this in the future and provide us with necessary information:
http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=976
Thx.

Google - epmap:
--------------------
epmap - Windows NT Endpoint Mapper 135 - tcp TCP port 135, similar to its sister port UDP 135, allows an attacker to view sensitive system information without authenticating. Information such as installed services and internally addressable IP addresses (RFC 1913) can be discovered and leveraged to gain further access. If TCP 135 is an essential service in your organization (i.e. - MS Exchange requires it), you must restrict the source of who can connect to the port via a port filtering mechanism such as a firewall.

epmap - Windows NT Endpoint Mapper 135 - udp UDP port 135, similar to its sister port TCP 135, allows an attacker to view sensitive system information without authenticating. Information such as installed services and internally addressable IP addresses (RFC 1913) can be discovered and leveraged to gain further access. If UDP 135 is an essential service in your organization (i.e. - MS Exchange requires it), you must restrict the source of who can connect to the port via a port filtering mechanism such as a firewall

Google - nt endpoint manager:
---------------------------------------
http://www.microsoft.com/WINDOWS2000/techinfo/reskit/en/Distrib/dsbd_int_YSRK.htm

Beside that I dont understand much I would guess its a netbios process running and listening.

tombom
20 Nov 2001, 09:16
epmap is something new. I've made no changes to any software. (accept updating OP)

Yet for some reason, epmap just started showing up in Netstat. I have netbios turned off in win 2000, and its blocked in outpost. I have no need for epmap.

Am I vulnerable to anything by having it run? Does anyone know what might have caused it to start running? and does anyone know how or if I should turn it off?

ty for the input,

tom

WizzOzz
20 Nov 2001, 10:05
Again, read this:
http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=976


epmap is something new. I've made no changes to any software. (accept updating OP)
It could be that the new version of Outpost changed the netstat display.
Please make a screenshot of the whole netstat with epmap listening and attach it to your next post.

I have netbios turned off in win 2000,
How?

Am I vulnerable to anything by having it run?
As long as Outpost is running the port is protected.

Does anyone know what might have caused it to start running?
No idea. If its not the display of Outpost something has changed on your system, no logical other answer. Nothing installed or changed in the last time (windows services especially)? Could a program with connection to the internet has download an update? (Hows it with windows updates?)

and does anyone know how or if I should turn it off?
Depends on what I see on the screenshot.

Mikhail
20 Nov 2001, 21:23
It could be that the new version of Outpost changed the netstat display.
Yes, earlier version of Outpost did not show all the ports and connections (it was reported on this forum several times). We have fixed it, so do not be surprise if you see some new ports in netstat.