Routers block out RPC by default?

elzmaddy

I looked at my Netgear gateway's filter set, and there were no explicit filters regarding ports 135, 4444, 69, etc. -- only ports 21, 23, 137-139, 80 were blocked (UDP/TCP). I did, however, create a filter set for all the RPC-related ports. So my question: since there is no explicit rule to forward these ports, do routers, without any additional configuration, block out incoming RPC requests?
 

elzmaddy

I see. Are most routers configured by default with a rule to block the port, or does this happen just because they don't know where to forward it?
 

owensdj

That's a good question. I'm not sure about that myself, but I think the ports like 135 get blocked because the router doesn't know where to forward it. It won't know until you turn on port forwarding.
 

stash

A firewall should always be configured to drop everything. You then open the ports you need.
 

beer

Originally posted by: STaSh
A firewall should always be configured to drop everything. You then open the ports you need.

Yeah, most firewalls will block all WAN->LAN traffic except the ports you specify; however, they will usually allow all LAN->WAN traffic through regardless of port, due to dynamic ports.
 

stash

Yeah I know, I probably should've made that more clear. But the original post asked if routers block incoming RPC by default.
 

nightowl

All NAT devices will block all unsolicited incoming traffic by default. This is how NAT can be considered a firewall. To get around this you can either open selected ports so you can run various web services (www & ftp) or you can put a PC in the DMZ. So, unless you specifically open the port or your PC is in the DMZ you will be fine.
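
The behaviour discussed in this thread, as an added example that is not part of any poster's message: a toy Python model of a NAT gateway showing that an unsolicited packet to port 135 is dropped because no mapping exists, not because of an explicit block rule. The class, the addresses and the strict reply matching are assumptions made for illustration; real devices vary.

```python
# Toy model of a consumer NAT (NAPT) gateway. All addresses are constructed samples.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatGateway:
    port_forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)       # (proto, wan_port) -> (lan_ip, lan_port, remote_ip, remote_port)
    dmz_host: Optional[str] = None
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: allocate a WAN port and record the mapping."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, wan_port)] = (lan_ip, lan_port, remote_ip, remote_port)
        return wan_port

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Decide the fate of a packet arriving on the WAN side."""
        key = (proto, dst_port)
        sess = self.sessions.get(key)
        # Assumption: replies must come from the exact remote endpoint contacted.
        if sess and sess[2:] == (src_ip, src_port):
            return ("forward", sess[0], sess[1], "reply to LAN-initiated session")
        if key in self.port_forwards:
            return ("forward", *self.port_forwards[key], "static port forward")
        if self.dmz_host:
            return ("forward", self.dmz_host, dst_port, "DMZ host")
        return ("drop", None, None, "no mapping, nowhere to deliver")

def demo():
    gw, out = NatGateway(), {}
    outside, web = "198.51.100.7", "198.51.100.80"
    out["rpc_default"] = gw.inbound("tcp", outside, 51000, 135)
    wan_port = gw.outbound("tcp", "192.168.0.2", 3456, web, 80)
    out["reply"] = gw.inbound("tcp", web, 80, wan_port)
    out["stranger_on_mapped_port"] = gw.inbound("tcp", outside, 80, wan_port)
    gw.port_forwards[("tcp", 80)] = ("192.168.0.5", 80)
    out["web_forward"] = gw.inbound("tcp", outside, 51001, 80)
    out["rpc_after_forward"] = gw.inbound("tcp", outside, 51002, 135)
    gw.dmz_host = "192.168.0.2"
    out["rpc_with_dmz"] = gw.inbound("tcp", outside, 51003, 135)
    return out

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24} {verdict}")
```

Port 135 stays unreachable after port 80 is forwarded and only becomes reachable once a DMZ host is set, which is the case where a host firewall or an explicit filter on the RPC ports still matters.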
 

Macro2

On a Cisco router, if you place an access list on an interface, the implicit deny order is in effect. You must then open up what you want to let in or out.