Disable DCOM Protocol and SMB Transport on 7RC?


neowillendit

Wut up Friends, :hello:

Since I skipped Vista entirely I'm behind the curve on Windows 7. On my XP Pro SP3 x86 machine, I used these three Registry Hacks to increase security:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc]
"DCOM Protocols"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,73,00,70,00,78,00,\
  00,00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,6e,00,62,00,00,\
  00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,69,00,70,00,78,00,\
  00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"SmbDeviceEnabled"=dword:00000000

Can I still apply these hacks to 7 (I'm sure Vista is the same here), or will this impede functionality in any way-shape-or-form?

Thank you in advance for reading!! :hello:


I'm not sure about the security blob, but the other two still apply to COM on Vista and Windows 7, yes. Note you can modify these in the GUI in dcomcnfg as well.

When you say "security blob" are you saying that you don't think that disabling these things will increase security or are you saying that you don't know what the "RPC" tweak does?

This tweak:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc]
"DCOM Protocols"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,73,00,70,00,78,00,\
  00,00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,6e,00,62,00,00,\
  00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,69,00,70,00,78,00,\
  00,00,00,00

~Disables "ncacn_ip_tcp" DCOM Protocol under RPC Services. I read an article from 2002 that said that disabling this functionality prevented Blackhats from sending packets to this service and it closes this port (forget most details honestly). Been doing this since 2002 on XP and it's served me quite well with penetration testing and such.

Edited by neowillendit

If you disable that on Vista you'll actually get an RPC error on boot if your machine is set to get an IP from DHCP (DHCP relies on this being enabled), so I wouldn't do it. The security hole supposedly doesn't exist on Vista (and thus Win7) anyway, although I don't know how you'd verify it without trying to hack it. For what it's worth, however, if you have DCOM disabled COM won't be listening for remote connections anyway, so it's largely a moot point.

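The "DCOM Protocols" value discussed in this thread is a REG_MULTI_SZ stored as UTF-16LE bytes, so it can be decoded to see which RPC protocol sequences it leaves available to DCOM. This is an added example, not part of any post in the thread; the function names are made up for illustration and the input is the value as posted above.

```python
import re

# The "DCOM Protocols" value as posted in the thread (.reg hex(7) syntax).
REG_VALUE = r'''"DCOM Protocols"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,73,00,70,00,78,00,\
  00,00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,6e,00,62,00,00,\
  00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,69,00,70,00,78,00,\
  00,00,00,00'''


def parse_multi_sz(reg_line: str) -> list[str]:
    """Decode a .reg hex(7) (REG_MULTI_SZ) value into its list of strings."""
    match = re.search(r"=\s*hex\(7\):(.*)", reg_line, re.DOTALL)
    if not match:
        raise ValueError("not a hex(7) value")
    # Drop line continuations and whitespace, then split the comma-separated bytes.
    body = re.sub(r"[\\\s]", "", match.group(1))
    raw = bytes(int(b, 16) for b in body.split(",") if b)
    if len(raw) % 2:
        raise ValueError("odd byte count: not UTF-16LE")
    text = raw.decode("utf-16-le")
    # REG_MULTI_SZ: each string is NUL-terminated and the list ends with a NUL.
    if not text.endswith("\x00"):
        raise ValueError("missing REG_MULTI_SZ terminator")
    return [s for s in text.split("\x00") if s]


def tcp_transport_listed(protocols: list[str]) -> bool:
    """True if ncacn_ip_tcp (RPC over TCP/IP) is among the listed sequences."""
    return "ncacn_ip_tcp" in (p.lower() for p in protocols)


if __name__ == "__main__":
    protos = parse_multi_sz(REG_VALUE)
    print("Protocol sequences listed for DCOM:", protos)
    print("ncacn_ip_tcp listed:", tcp_transport_listed(protos))
```

The decoded list contains ncacn_spx, ncacn_nb_nb and ncacn_nb_ipx, which matches the description in the thread: the tweak works by leaving ncacn_ip_tcp out of the list.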
