Port 135 (MS RPC)

TCP

Microsoft Remote Procedure Call — MS RPC listens on port 135 by default.

What is Port 135?

Port 135 is used by Microsoft RPC (Remote Procedure Call), a protocol that allows programs on one computer to execute code on another. It is a core component of Windows networking and is used by many Microsoft services.

MS RPC on port 135 serves as an endpoint mapper, directing clients to the correct dynamic port for the requested service. Services like DCOM, WMI, and Microsoft Exchange rely on port 135 for initial connection negotiation. The dynamic ports used range from 49152-65535 by default.

Port 135 has been the target of numerous Windows worms and exploits, including the Blaster worm. It should be blocked at the network perimeter and only accessible on internal networks where Windows services require it.

Port 135 Security

MS RPC on port 135 should be secured with appropriate access controls and monitoring. Ensure the service is only accessible from trusted networks by configuring firewall rules to restrict access. If the protocol supports encryption, enable TLS/SSL to protect data in transit.

Regularly update MS RPC to the latest version to patch known vulnerabilities. Monitor port 135 for unauthorized access attempts and implement rate limiting where possible. Follow the principle of least privilege when configuring access permissions.

How to Check Port 135

To check if port 135 is open on a remote host, use nmap: 'nmap -p 135 hostname'. For a quick TCP connection test, use: 'telnet hostname 135' or 'nc -zv hostname 135'. On Windows PowerShell, use: 'Test-NetConnection -ComputerName hostname -Port 135'.

To check if port 135 is listening on your local machine, use: 'netstat -tlnp | grep 135' on Linux, or 'ss -tlnp | grep 135'. On Windows, use: 'netstat -an | findstr 135'. For a comprehensive scan, use: 'nmap -sV -p 135 hostname' to detect the service version running on the port.

Related Ports

Port 139 (NetBIOS Session) Port 445 (SMB) Port 137 (NetBIOS Name) Port 138 (NetBIOS Datagram) Port 3389 (RDP)

Frequently Asked Questions

What is port 135 used for?

Port 135 is the default port for Microsoft Remote Procedure Call (MS RPC). It is used for ms rpc communication using the TCP protocol.

Is port 135 TCP or UDP?

Port 135 uses TCP. TCP is used because ms rpc requires reliable, ordered data delivery.

Should port 135 be open?

Port 135 should only be open if you are actively running MS RPC. Close unused ports to reduce your attack surface. If needed, restrict access to trusted IP addresses using firewall rules.

How do I check if port 135 is open?

Use 'nmap -p 135 hostname' to scan remotely, or 'netstat -tlnp | grep 135' to check locally on Linux. On Windows, use 'Test-NetConnection -Port 135 hostname' in PowerShell.

How do I secure port 135?

Secure port 135 by restricting access with firewall rules, using encryption (TLS/SSL) where supported, keeping MS RPC updated, using strong authentication, and monitoring for unauthorized access attempts.

🔍 Check Your IP Address

While you're here, find out your public IP address, location, and ISP details instantly.

Check My IP →

Related Tools

Port Reference
Complete network port database
Port Scanner
Scan ports on any host
SSL Check
Verify SSL certificate status
HTTP Headers
View HTTP response headers
Traceroute
Trace network route to host
Speed Test
Test your internet speed