DCOM port 1024

tms3 at tms3.com tms3 at tms3.com
Mon Feb 14 14:27:28 MST 2011 



>
>
> X-SpamDetect-Info: ------------- Start ASpam results ---------------
> X-SpamDetect-Info: This message may be spam. This message BODY has 
> been altered to show you the spam information
> X-SpamDetect: ********: 8.0 sd=8.0  [79]89%6.4(SPF Neutral) 
> [212]87%5.6(!46,60) [94]69%0.8(Suspicious proportio) 
> [27]46%-0.0(X-LangGuess:English) [sig=3] [nnot=0,nis=0,0.0]
> X-SpamDetect-Info: ------------- End ASpam results -----------------
>
> On Mon, 2011-02-14 at 13:07 -0800, tms3 at tms3.com wrote:
>>
>> This came up on the samba lists for Samba4 firewall issues. Is this
>> DCOM port really necessary? What does the samba AD model use it for?
>>
>> TIA for any info, always appreciated.
> Can you provide some more context?

Only thing running on this server is Samba4, sshd, ntpd:

Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address       
(state)
tcp4       0      0 192.168.64.3.139       192.168.164.100.54657  
SYN_RCVD
tcp4       0      0 192.168.64.3.1024      192.168.64.6.1095      
ESTABLISHED
tcp4       0      0 192.168.64.3.445       192.168.64.125.59802   
ESTABLISHED
tcp4       0      0 *.3269                 *.*                    
LISTEN
tcp4       0      0 *.3268                 *.*                    
LISTEN
tcp4       0      0 *.636                  *.*                    
LISTEN
tcp4       0      0 *.389                  *.*                    
LISTEN
tcp4       0      0 *.464                  *.*                    
LISTEN
tcp4       0      0 *.88                   *.*                    
LISTEN
tcp4       0      0 *.135                  *.*                    
LISTEN
tcp4       0      0 *.1024                 *.*                    
LISTEN
tcp4       0      0 *.139                  *.*                    
LISTEN
tcp4       0      0 *.445                  *.*                    
LISTEN
tcp4       0     52 192.168.64.3.22        192.168.64.125.53773   
ESTABLISHED
tcp4       0      0 127.0.0.1.25           *.*                    
LISTEN
tcp4       0      0 *.22                   *.*                    
LISTEN
tcp6       0      0 *.22                   *.*                    
LISTEN
udp4       0      0 192.168.64.3.464       *.*
udp4       0      0 192.168.64.3.88        *.*
udp4       0      0 *.464                  *.*
udp4       0      0 *.88                   *.*
udp4       0      0 192.168.64.3.389       *.*
udp4       0      0 *.389                  *.*
udp4       0      0 192.168.64.3.138       *.*
udp4       0      0 192.168.64.255.138     *.*
udp4       0      0 192.168.64.3.137       *.*
udp4       0      0 192.168.64.255.137     *.*
udp4       0      0 *.138                  *.*
udp4       0      0 *.137                  *.*
udp4       0      0 *.514                  *.*
udp6       0      0 *.514                  *.*

Note 1024 is up and running. The machine with ip 192.168.64.6 is a 
W2K3R server binding to port 1024, so it is being used.
>
>
>
> The port assignment (like most interfaces over ncacn_ip_tcp) of the 
> DCOM
> interfaces is dynamically allocated.
Well dynamically, starting with 1024 and moving up the scale should 
the first choice be claimed.
>
> As far as I know we also don't
> enable DCOM by default anymore.

I was somewhat surprised when the email on samba-lists regarding ip 
tables configuration came back with a need to open 1024, and I went 
and looked on my servers and found it listening and active.
>
>
>
> Cheers,
>
> Jelmer
>

More information about the samba-technical mailing list