
Block port 135 at switch - cannot login through Novell

20 years 4 weeks ago #5627 by apit
My client complains that all users are facing slow logins using the Novell client. They suspect the network is infected with a virus. They want me to block port 135 at the switch to solve the problem. After doing that task, users cannot log in through Novell at all. Why is this happening?
20 years 4 weeks ago #5634 by FallenZer0

My client complains that all users are facing slow logins using the Novell client. They suspect the network is infected with a virus. They want me to block port 135 at the switch to solve the problem. After doing that task, users cannot log in through Novell at all. Why is this happening?


--What steps were taken if any, to clean the network of the virus? What virus is the network infected with?
Did you ask the person(s) why they thought blocking Port 135 would solve the slow Login process?

-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
20 years 4 weeks ago #5638 by apit
MSBlast... Sasser... Lovgate... and worm...
They said the virus attacks from the port...
20 years 4 weeks ago #5639 by FallenZer0

MSBlast... Sasser... Lovgate... and worm...
They said the virus attacks from the port...


--As per Symantec's article on Sasser, the ports it uses are TCP 445, 5554, 9996, check the link for your references

securityresponse.symantec.com/avcenter/v...w32.sasser.worm.html

--As per Symantec's article on Lovgate, the ports it uses are TCP 10168, 1192, 20168, check the link for your references

securityresponse.symantec.com/avcenter/v...lw.lovgate.c@mm.html

--As per Symantec's article on MSBLAST, the ports it uses are TCP 135, TCP 4444, UDP 69, check the link for your references

www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

As you will see, Blaster is the one that exploits the DCOM RPC vulnerability using TCP port 135. The article says it attempts to perform a DoS on the MS Windows Update web server (windowsupdate.com). A buffer overrun vulnerability can also be exploited remotely via a DCOM RPC interface that listens on TCP/UDP port 135. This can result in execution of malicious instructions with Local System privileges on an affected system.

As you have said that your network is infected with these viruses, I would suggest taking proper steps for removal of these viruses on infected machines.

Do your Novell Client users provide user credentials to a Domain Controller?

If they do, my educated guess is that maybe Active Directory needs port 135, and with you blocking port 135, the users are now not able to log on.

Please keep us posted on what steps have or are being taken.

-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
20 years 3 weeks ago #5649 by apit
Thank you, FallenZero... very informative info.
I'm not sure about Novell because another vendor is responsible for the system. On my side it is only the switches. In your opinion, is it the switches that we must configure, or should we just search for the infected PC and remove it from the network?
20 years 3 weeks ago #5652 by FallenZer0

Thank you, FallenZero... very informative info.
I'm not sure about Novell because another vendor is responsible for the system. On my side it is only the switches. In your opinion, is it the switches that we must configure, or should we just search for the infected PC and remove it from the network?


--Identify the infected PCs, disconnect them from the network, and follow proper virus removal instructions. If you have a firewall running, block port 135 and the NetBIOS ports.

-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
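
Added example (not part of the thread and not any poster's code): one way to find the infected PCs that the last reply says to disconnect, by flagging hosts that contact many different machines on the worm ports listed in the thread, while a normal client that only talks to its login server is left alone. The flow-record format, the sample records and the `min_targets` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Ports as listed in the thread from the Symantec write-ups.
WORM_PORTS = {
    "Sasser": {("tcp", 445), ("tcp", 5554), ("tcp", 9996)},
    "Lovgate": {("tcp", 10168), ("tcp", 1192), ("tcp", 20168)},
    "Blaster": {("tcp", 135), ("tcp", 4444), ("udp", 69)},
}

# Constructed sample flow records (hypothetical format: src dst proto dport).
SAMPLE_FLOWS = """\
10.0.0.21 10.0.0.30 tcp 135
10.0.0.21 10.0.0.31 tcp 135
10.0.0.21 10.0.0.31 tcp 4444
10.0.0.21 10.0.0.32 tcp 135
10.0.0.21 10.0.0.33 tcp 135
10.0.0.22 10.0.0.5 tcp 135
10.0.0.22 10.0.0.5 tcp 135
10.0.0.22 10.0.0.5 tcp 445
10.0.0.22 10.0.0.9 tcp 80
10.0.0.23 10.0.0.40 tcp 445
10.0.0.23 10.0.0.41 tcp 445
10.0.0.23 10.0.0.42 tcp 445
garbage line
"""

def suspect_hosts(flow_text, min_targets=3):
    """Return {src: {worm: n}} for sources that reached at least
    min_targets distinct destinations on one worm's ports."""
    targets = defaultdict(lambda: defaultdict(set))
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip malformed records
        src, dst, proto, dport = fields[0], fields[1], fields[2].lower(), int(fields[3])
        for worm, ports in WORM_PORTS.items():
            if (proto, dport) in ports:
                targets[src][worm].add(dst)
    result = {}
    for src, per_worm in targets.items():
        hits = {w: len(d) for w, d in per_worm.items() if len(d) >= min_targets}
        if hits:
            result[src] = hits
    return result

if __name__ == "__main__":
    for host, hits in suspect_hosts(SAMPLE_FLOWS).items():
        print(host, hits)
```
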