| Port No | 138 |
| Service Name | MSRPC DCOM RPC Heap BO |
| RFC Doc | 0 |
| Protocol | UDP |
| Description | This signature detects attempts to exploit a heap buffer overflow vulnerability in the DCOM RPC service. |
| Reference Link | Port Number:138 Service Name:MSRPC DCOM RPC Heap BO Port:UDP |
| Attack | According to Symantec Resolution: Restrict access to the following ports: 135/TCP 139/TCP 445/TCP 593/TCP 135/UDP 137/UDP 138/UDP 445/UDP The Internet Connection Firewall in Windows XP or Windows Server 2003 will, by default, block inbound RPC traffic. COM Internet Services may also provide an attack vector via ports 80 and 443. Disable CIS and RPC over HTTP if it is not required. Disabling DCOM will limit exposure to this issue. However, this will limit remote access to the system. Physical access to the system is required if users wish to re-enable DCOM. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.