You are currently viewing Port 135: Essential Guide to Windows RPC Services

Port 135: Essential Guide to Windows RPC Services

  • Post category:Tech
  • Post comments:0 Comments
  • Reading time:9 mins read

Port 135 is a critical element in computer networking, as it serves as the Remote Procedure Call (RPC) Endpoint Mapper service. This service plays a central role in allowing systems to identify the available services on a machine and the corresponding ports on which they can be found. 

In essence, port-135 enables a system to gain unrestricted access to a target system, providing valuable information for remote access and remote management applications. As you explore the world of computer networking, it’s essential to understand how port-135 fits into the broader landscape of ports and their functions. Ports are unsigned 16-bit integers, ranging from 0 to 65535, that represent communication endpoints and help to identify specific processes or network services. 

By obtaining a detailed understanding of port-135 and its role in the RPC, you’ll be better equipped to navigate and troubleshoot networking issues that may arise. So now, let’s get started.

Port 135: Overview

Port 135: Overview

Port 135 plays an important role in the smooth functioning of networked systems relying on Windows operating systems. In this section, we will learn about Port-135, its role in Windows, and how it works with the Endpoint Mapper.

Role of Port 135 in Windows

Port-135 is essential for Remote Procedure Call (RPC) in Windows environments. RPC enables systems to execute code remotely on other systems, making communications and interactions between computers more efficient and seamless. 

Port-135, specifically, is responsible for the RPC Endpoint Mapper service, which helps other systems identify available services on a machine and the corresponding ports where they can be found. This is crucial for remote management and remote access.

Working with Endpoint Mapper

The Endpoint Mapper service, running on Port-135, maintains a database of available services and their associated ports. When a client wants to interact with a specific service on another system, it queries Port-135 to access the information required to establish a connection. 

Endpoint Mapper’s functionality is vital in typical Windows operations, such as Active Directory communications, allowing systems to know where services like authentication and replication can be found.

Understanding Services

Understanding Services

Services play a vital role in managing and maintaining computer systems, as these background processes help to keep everything running smoothly. In this section, we will focus on port-135 and the services often associated with it. We’ll look closer at two key services: the DCOM Service and the Messenger Service.

DCOM Service

DCOM, or Distributed Component Object Model, is a protocol that enables software components to communicate across a network. Using port-135, the RPC Endpoint Mapper service allows other systems to discover and access those DCOM services on a particular machine. This service is vital for remote access and management in a Windows environment.

The Service Control Manager oversees the DCOM Service, ensuring that it functions as intended. However, it’s worth noting that port-135 can be sensitive to security vulnerabilities, so it’s important to keep your systems up-to-date and secure.

Messenger Service

Another service associated with port-135 is the Messenger Service. This Windows service allows administrators to send messages to other users on the network, often used for system alerts and announcements. Although this service has been deprecated in recent versions of Windows, it still plays a role in some legacy systems.

Similar to the DCOM Service, the Messenger Service relies on the RPC Endpoint Mapper to function. By leveraging port-135, the service enables communication between different parts of the system and users on the network.

Firewall and Network Security

Firewall and Network Security

When managing network security, it’s essential to consider the impact of specific ports, such as port-135. This section will cover Windows Firewall settings and the relationship between HTTPS and port-135.

Windows Firewall Settings

To enhance your network security related to port 135, it’s crucial to adjust the settings in your Windows Firewall:

  1. Open the Group Policy Management Console to Windows Defender Firewall with Advanced Security.
  2. Navigate to the Inbound Rules section on the left pane.
  3. Click on Action and then New rule.
  4. Choose the Custom rule type and click Next.

Adjust the settings as needed to either block or limit access to port-135, considering that this is the RPC Endpoint Mapper service.

HTTPS and Port 135

While HTTPS (port 443) provides secure communication between a browser and a server, port-135 has no direct relationship with HTTPS. However, they might both be active on a system and must be managed to maintain network security effectively. Ensure your HTTPS traffic is encrypted, and close or restrict port-135 based on your enterprise network security 

Frequently Asked Questions

Q1. What is the purpose of port-135 in networking?

Port-135 is used for the Remote Procedure Call (RPC) Endpoint Mapper service. It allows other computers to identify the services that are available on a machine and on which port they can be found. In short, it allows a system to interact with a target system and discover available services. 

This is particularly useful for remote access and remote management of machines in a network environment. For example, it plays an essential role in several Microsoft services, such as Active Directory and Exchange.

Q2. What protocols use port-135, such as msrpc and SMB?

Port-135 primarily uses the Microsoft Remote Procedure Call (msrpc) protocol. The msrpc protocol allows clients to call functions on remote systems, enabling distributed computing and helping systems communicate and run programs across a network. 

SMB, or Server Message Block, is another protocol associated with Microsoft systems; however, it uses ports 445 and 139 primarily for file and printer sharing services. While SMB does not directly use port-135, the Endpoint Mapper service on port-135 can still be required to locate and connect to some RPC-based services that use SMB.

Q3. How can port-135 be secured to prevent cyber attacks?

Securing port-135 involves several measures to prevent unauthorized access and potential cyber-attacks:

  1. Deploy a firewall: Configure the firewall rules to only allow trusted IP addresses and block unwanted incoming connections to port-135.
  2. Use strong authentication: Implement strong authentication methods, such as Kerberos, for any service using port-135.
  3. Keep systems up-to-date: Regularly update the operating system and software to mitigate known vulnerabilities.
  4. Disable unnecessary services: If services using port-135 are not required, disable them to reduce the attack surface.
  5. Regularly monitor network activity: Analyze logs and network traffic to identify and respond to suspicious activities around port 135.

Q4. How does port-135 differ from port 139 in terms of usage?

Port-135 and port 139 serve different purposes in networking. Port-135, as mentioned earlier, is associated with the RPC Endpoint Mapper service that allows systems to discover available services on a remote machine. 

On the other hand, port 139 is mainly used by the NetBIOS protocol, which allows computers to communicate and share resources, such as files and printers, within a local network. Port 139 operates over TCP/IP and is most commonly associated with the Server Message Block (SMB) protocol used for file and printer sharing in Windows environments.

Leave a Reply