MS RPC / DCOM
What is Port 135?
Port 135 is the Microsoft Remote Procedure Call (MS-RPC) endpoint mapper, also known as the DCE/RPC Locator service. It serves a similar function to Unix's RPCBind but for Windows systems. When a client needs to communicate with a Windows RPC service, it first contacts the endpoint mapper on port 135 to discover which dynamic port the target service is listening on. This port is critical for Windows domain environments as it facilitates DCOM (Distributed Component Object Model), WMI (Windows Management Instrumentation), remote task scheduling, and many other Windows management features. Active Directory heavily relies on RPC for replication and administration.
Common Uses
- Windows RPC endpoint mapping and service discovery
- DCOM communication between Windows systems
- WMI remote management queries
- Active Directory replication and administration
Technical Details
Copy-paste commands to check port 135 (MS RPC / DCOM) from your terminal
Test connectivity
nc -zv example.com 135
curl -v --max-time 5 http://example.com:135/
telnet example.com 135
nmap -p 135 -sV example.com
(echo > /dev/tcp/example.com/135) 2>/dev/null && echo "open" || echo "closed"
Open port in firewall
sudo ufw allow 135/tcp
sudo iptables -A INPUT -p tcp --dport 135 -j ACCEPT
sudo firewall-cmd --permanent --add-port=135/tcp && sudo firewall-cmd --reload
Security Considerations
Port 135 has been the target of numerous Windows worms and exploits, including the Blaster worm. Never expose port 135 to the internet. It should only be accessible on trusted internal networks. Use Windows Firewall with Advanced Security to restrict access. Keep Windows systems patched against RPC vulnerabilities. Consider using a VPN for remote management instead of exposing RPC ports.
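The `iptables` rule under "Open port in firewall" accepts port 135 from any source, which conflicts with the advice to keep it on trusted internal networks. The following audit sketch is an added example, not part of the original page: it scans `iptables -S` output for INPUT ACCEPT rules that name TCP port 135 without limiting the source to a trusted subnet. The sample rules and the `10.20.0.0/24` management subnet are constructed assumptions, and rules that never name a port are not examined.

```python
import ipaddress
import shlex

# Constructed sample in `iptables -S` format; all addresses are illustrative.
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 135 -j ACCEPT
-A INPUT -s 10.20.0.0/24 -p tcp -m tcp --dport 135 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 135,445 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 100:200 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.5/32 -p udp -m udp --dport 135 -j ACCEPT
"""

# Assumption: the trusted management subnet for this example.
TRUSTED = [ipaddress.ip_network("10.20.0.0/24")]


def covers_port(spec, port):
    """True if an iptables port spec ('135', '100:200', '135,445') includes port."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        low = int(lo) if lo else 0
        high = int(hi) if hi else (65535 if sep else low)
        if low <= port <= high:
            return True
    return False


def exposed_rules(rules_text, port=135, trusted=TRUSTED):
    """Return INPUT ACCEPT rules that admit TCP `port` from outside `trusted`."""
    findings = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        ports = opts.get("--dport") or opts.get("--dports")
        if opts.get("-j") != "ACCEPT" or opts.get("-p") != "tcp" or not ports:
            continue
        if not covers_port(ports, port):
            continue
        # No -s means any source; a negated match ("!") is flagged for review.
        net = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        if "!" in tok or not any(net.subnet_of(t) for t in trusted):
            findings.append(line)
    return findings


if __name__ == "__main__":
    for rule in exposed_rules(SAMPLE_RULES):
        print("EXPOSED:", rule)
```

On a live host, pass the text printed by `sudo iptables -S INPUT` to `exposed_rules` and replace `TRUSTED` with your own management ranges.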