Security – Port 135 / epmap

Tags: port, security, windows-server-2008

I'm looking at securing a web server (Windows Server 2008). A GRC port scan recommended that I close down port 135 (https://www.grc.com/port_135.htm). However, I've done this before with Windows Server 2003, and after doing this I wasn't able to RDP to the box.

Why is port 135 needed for RDP (port 3389)? And since I don't have physical access to the box, should port 135 be blocked (and if so, what about RDP)?

Thanks.

Best Answer

The RPC Endpoint Mapper (port 135) is definitely not required by RDP, and it is perfectly reasonable (and suggested) to block it on a firewall so non-local hosts cannot attempt to enumerate and exploit services.

I only say this with certainty because I have many hosts configured like this, and actually just tested it to make sure I wasn't crazy ;-)
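
One way to apply this on the server itself, as an added example that is not part of the original answer. It assumes the built-in Windows Firewall with Advanced Security on Server 2008 and an elevated command prompt; the rule names are made up for illustration.

```batch
@echo off
rem Added example. Run from an elevated prompt, ideally inside the existing
rem RDP session so a mistake is noticed before the session is closed.

rem 1. Confirm the firewall is enabled for the active profile(s).
netsh advfirewall show allprofiles state

rem 2. Make sure inbound RDP is explicitly allowed BEFORE adding any block rule.
rem    (Rule name is hypothetical; scope it further with remoteip= if the
rem    admin source addresses are known.)
netsh advfirewall firewall add rule name="Example - Allow RDP 3389" ^
    dir=in action=allow protocol=TCP localport=3389

rem 3. Block inbound connections to the RPC Endpoint Mapper.
rem    Block rules take precedence over allow rules in Windows Firewall, so
rem    this wins over any built-in RPC-EPMAP allow rule. Loopback traffic is
rem    not filtered, so local services can still reach the mapper.
rem    Caveat: remote tools on other hosts that depend on RPC (WMI, remote
rem    MMC snap-ins) will no longer be able to connect.
netsh advfirewall firewall add rule name="Example - Block RPC-EPMAP 135" ^
    dir=in action=block protocol=TCP localport=135

rem 4. Verify both rules exist and that RDP is still listening.
netsh advfirewall firewall show rule name="Example - Allow RDP 3389"
netsh advfirewall firewall show rule name="Example - Block RPC-EPMAP 135"
netstat -ano | findstr ":3389"
```

Keep the current RDP session open and confirm that a second RDP connection succeeds before logging off.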
