• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!

Kudos0

what is meaning of EPMAP blocked port 135

This evening I had continuous attacks reported by Norton as: rule default block EPMAP blocked 10.0.0.4 port dcom 135 inbound TCP connection.     

1.) Could someone please explain the nature of this type of attack or point me to online link for more details

2.) The attacks took began at 6:pmET until the present which is 9:15pm in case it is of importance to those who track or anyone who had similar experience

3.)  Years ago, Norton provided a map that showed visually where attacks originated.  (I've had Norton for over a decade.)  Can I do the same thing now through NOrton or some other tool?

4.) Is there anything I can do to discourage the continuation of these attacks or is it simply my role to endure them until the attack is through with their wargames?????

                                                                   Thanks for all assistance.

Replies

Kudos0

Re: what is meaning of EPMAP blocked port 135

Hi helpme,

Are you on a local network?  By default Norton blocks EPMAP and port 135.  Your IP address, 10.0.0.4, is a private IP address that corresponds to something on your local network, and cannot be routed over the internet.  So you were not under attack, but something on your own network tried to communicate with your PC and was prevented from doing so by this Norton default rule.  Nothing to worry about (even if it had come from the internet, Norton will always block it, so still nothing to worry about - that's what the rule is there for).

Kudos0

Re: what is meaning of EPMAP blocked port 135

Thanks for the info.  Is it possible for me to identify the source machine or program that NOrton is reporting as the attacker?   What does "inbound TCP connection" mean?  Norton identifies it as such.  After I post this message I am going to restart computer which has been on for quite a while and see if it ends the loop.  Thanks again.

Kudos1

Re: what is meaning of EPMAP blocked port 135

It is probably your own computer.  My Norton History logs are filled with "Default EPMAP blocks" that are nothing more than svchost.exe communicating to "all local network adapters," - just Windows checking on the network.  Highlight an entry in your Norton History and click "More Details."  Is is just you on a home network behind a router, or are you on a larger corporate network?

Kudos0

Re: what is meaning of EPMAP blocked port 135

just me behind a router.   I checked the network map that is provided by Norton.  Both IP belong to my two computers on the network.  It would appear that something on the other computer is trying to access this one.  Can someone tell me how to identify what program might be initiating the communication via port 135 using TCP protocals?   Thanks for the insight into this problem.

Accepted Solution
Kudos2

Re: what is meaning of EPMAP blocked port 135

helpme -

You can run TCPview.exe (part of the Sysinternals Suite from Microsoft - available here) on the other machine to view what process is running / using what port, protocol and process ID.  Most likely it will be the svchost.exe service of Windows; as SendOfJive pointed out, Windows (as a default) keeps a constant check on the local network using port 135 and DCOM / EPMAP.  Most security software blocks this as they handle the network's information in a much more secure manner.

Win7 x32 SP1
Kudos0

Re: what is meaning of EPMAP blocked port 135

Thanks for the quick replies and solutions to my inquiry.  Very helpful forum.  I will be checking to see if this same "EPMAP blocked at port 135" comes up regularly when more than one puter is logged on the network behind the router.  The blocked communication was between my own two computers.  Even though I am not a geek, I should have deduced that from the IP addresses given.  It raised a flag, but no light went on.                      Thanks again 

Replies are locked for this thread.