mstjohn1974
New Member
- Joined
- Oct 25, 2020
- Messages
- 8
- Thread Author
- #1
I am running security and vulnerability scans against a few Windows Server and I cannot figure out how to resolve or mitigate DCE/RPC and MSRPC Services Enumeration Reporting issues. Here is the scan result slightly altered to protect my network:
Summary
Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.
Detection Result
Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
Port: 49664/tcp
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49664]
Port: 49665/tcp
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49665]
Annotation: Event log TCPIP
Port: 49667/tcp
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
Endpoint: ncacn_ip_tcp:192.168.100.7[49667]
Annotation: RemoteAccessCheck
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49667]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49667]
Annotation: Ngc Pop Key Service
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49667]
Annotation: Ngc Pop Key Service
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.100.7[49667]
Annotation: KeyIso
Port: 49687/tcp
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49687]
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49687]
Named pipe : spoolss
Win32 service or process : spoolsv.exe
Description : Spooler service
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
Endpoint: ncacn_ip_tcp:192.168.1007[49687]
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49687]
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49687]
Port: 49691/tcp
UUID: 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49691]
Annotation: Remote Fw APIs
Port: 49692/tcp
UUID: 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49692]
Annotation: AppInfo
UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49692]
UUID: 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49692]
Annotation: Proxy Manager provider server endpoint
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49692]
UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49692]
Annotation: IP Transition Configuration endpoint
UUID: 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49692]
Annotation: AppInfo
UUID: 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49692]
Annotation: AppInfo
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49692]
UUID: a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49692]
Annotation: IKE/Authip API
UUID: c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49692]
Annotation: Proxy Manager client server endpoint
UUID: c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49692]
Annotation: Adh APIs
UUID: d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49692]
UUID: fb9a3757-cff0-4db0-b9fc-bd6c131612fd, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49692]
Annotation: AppInfo
UUID: fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49692]
Annotation: AppInfo
Port: 49697/tcp
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49697]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49697]
Annotation: Ngc Pop Key Service
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
Endpoint: ncacn_ip_tcp:192.168.100.7[49697]
Annotation: Ngc Pop Key Service
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
Endpoint: ncacn_ip_tcp:192.168.100.7[49697]
Annotation: KeyIso
Port: 49709/tcp
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Endpoint: ncacn_ip_tcp:192.168.100.7[49709]
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
Impact
An attacker may use this fact to gain more knowledge about the remote host.
Solution
Solution Type:
Mitigation
Filter incoming traffic to this ports