Port 135: MS-RPC

Open MS-RPC port detected on a publicly accessible host.

Severity: Critical | Port: 135

What is MS-RPC?

MS-RPC (Microsoft Remote Procedure Call) is a Windows protocol that allows programs on one computer to execute code on another computer over a network. Port 135 is the RPC endpoint mapper — it tells clients which port a particular RPC service is running on. It is a core component of Windows networking used for DCOM, WMI, and Active Directory communication.

Why this is a problem

Port 135 has been exploited in some of the most damaging cyberattacks in history, including the Blaster worm. It provides attackers with information about available services and can be used as an entry point for remote code execution. There is almost never a legitimate reason for this port to be accessible from the public internet.

What you should do

  • Block port 135 at the firewall level — it should never be exposed to the internet
  • If Windows RPC services are needed, restrict access to internal networks or VPN connections
  • Ensure Windows systems are fully patched and up to date
  • Audit which RPC services are running and disable any that are not needed
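
One way to check a Windows host against the steps above, as an added example that is not part of the original documentation: it lists what is listening on TCP 135 and which enabled inbound allow rules cover that port. It assumes an elevated PowerShell session with the built-in NetTCPIP and NetSecurity cmdlets; the output column names are chosen for this example, and port ranges inside rules are not expanded.

```powershell
# Added example: audit a Windows host for exposure of the RPC endpoint mapper (TCP 135).
# Run in an elevated PowerShell session on the host being checked.

# 1. Is anything listening on TCP 135, and on which local addresses?
Get-NetTCPConnection -LocalPort 135 -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            Process      = $proc.ProcessName
        }
    } | Format-Table -AutoSize

# 2. Which enabled inbound allow rules cover port 135?
#    Built-in Windows rules often name the port 'RPCEPMap' instead of '135'.
$findings = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    if ($portFilter.Protocol -notin 'TCP', 'Any') { continue }

    $ports = @($portFilter.LocalPort)
    if (-not ($ports | Where-Object { $_ -in '135', 'RPCEPMap', 'Any' })) { continue }

    $remote  = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    $profile = "$($rule.Profile)"   # e.g. 'Any', 'Domain, Private', 'Public'

    [pscustomobject]@{
        Rule              = $rule.DisplayName
        Profile           = $profile
        LocalPort         = $ports -join ','
        RemoteAddress     = $remote -join ','
        # True when the rule accepts any source address on a profile that
        # applies to untrusted networks: the case that should not exist.
        AnyRemoteOnPublic = ($remote -contains 'Any') -and ($profile -match 'Any|Public')
    }
}

$findings | Sort-Object AnyRemoteOnPublic -Descending | Format-Table -AutoSize -Wrap
```

Rules reported with AnyRemoteOnPublic set to True are the ones to scope to internal or VPN address ranges or to disable. This covers the host firewall only, so the perimeter firewall still needs its own check.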