Posts Tagged ‘TCP/135’

TCP/135 (Microsoft RPC) traffic

September 29, 2008

One of the protocols monitored in FireGen ( is TCP/135 used by Microsoft RCP (Remote Procedure Call). The reason for this is the fact that RPC had a few vulnerabilities exploited in large scale attacks against systems running Microsoft Windows. Every day we can see attempts to connect to this port, all of them from IP addresses coming from China (121.14.212.x, 122.224.5.x, etc…). The question is, are these just infected computers randomly checking remote hosts for “holes” or are they directed by people? One can add these IPs to the “Monitored IPs” list in FireGen and see if they keep showing up.