Jump to content

Is there a way to close port 135 on x64?

_Ramirez_

By _Ramirez_
in Windows XP 64 Bit Edition

 Share

Recommended Posts

_Ramirez_

_Ramirez_

Posted
Posted

You could do this on xp by removing "Connection-oriented TCP/IP" in the "Default Protocols" tab when running dcomcnfg. Or by disabling entire DCOM on Default Properties tab.

But when you do this on x64 "netstat /ano" still shows port 135 as opened?


rjz

rjz

Posted
Posted

In your advanced tcp ip properties there is a tcp ip filter tab. Use that if you can't block it out with a firewall.

cluberti

cluberti

Posted
Posted

Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.

Aegis

Aegis

Posted
Posted

Close all non-essential services that rely on RPC. You should have the port closed, not blocked. This will also close ports 1025-1027.

suryad

suryad

Posted
Posted
Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.

Wow I didnt know that how do you go about doing that? How do you monitor what ports are open or not? Mind I am running XP Home yuck so I prob cant do that.

Mr Snrub

Mr Snrub

Posted
Posted

Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.

Wow I didnt know that how do you go about doing that? How do you monitor what ports are open or not? Mind I am running XP Home yuck so I prob cant do that.

It is only possible to list the ports/protocols you do want to accept, you can't specify exceptions.

So to block a single port you would need to list the other 65533 individually.

This filtering interface is more for hardening servers with specific services in controlled environments - e.g. only having TCP port 80 open on dedicated web servers.

Properties of Internet Protocol (TCP/IP) in any of your network adapters

-> Advanced button

-> Options tab

Highlight TCP/IP filtering, click Properties

Configure the TCP & UDP ports you want to accept traffic on, and/or the IP protocol numbers you want to accept - note that this affects all network adapters on the system.

Another drawback of IP filtering this way is that it does not take into account the source of the attempted connections, so you can't specify one rule for internal clients and another for external ones.

Microsoft article on Windows 2000 TCP/IP features:

http://www.microsoft.com/technet/itsolutio...vg/tcpip2k.mspx

For workstation OS's the Windows Firewall is a better way of controlling which applications can act as servers, through exceptions in the Windows Firewall applet in the Control Panel.

To monitor "open" ports you can use the command line "NETSTAT -ANO" and see which are in the "listening" state.

e.g. Sample output from XP Pro:

C:\>netstat -ano
Active Connections
  Proto  Local Address		  Foreign Address		State		   PID
  TCP	0.0.0.0:135			0.0.0.0:0			  LISTENING	   1580
  TCP	0.0.0.0:445			0.0.0.0:0			  LISTENING	   4
  TCP	0.0.0.0:1723		   0.0.0.0:0			  LISTENING	   4
  TCP	0.0.0.0:3592		   0.0.0.0:0			  LISTENING	   528
  TCP	0.0.0.0:42510		  0.0.0.0:0			  LISTENING	   364
  TCP	127.0.0.1:1057		 0.0.0.0:0			  LISTENING	   128
  TCP	192.168.1.1:139		0.0.0.0:0			  LISTENING	   4

Alternatively you can run something like TCPView from SysInternals and it gives you a lot more detail too, in a fancy GUI:

http://www.sysinternals.com/Utilities/TcpView.html

  • 1 month later...
RJARRRPCGP

RJARRRPCGP

Posted
Posted (edited)

Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.

Wow I didnt know that how do you go about doing that? How do you monitor what ports are open or not? Mind I am running XP Home yuck so I prob cant do that.

It is only possible to list the ports/protocols you do want to accept, you can't specify exceptions.

So to block a single port you would need to list the other 65533 individually.

This filtering interface is more for hardening servers with specific services in controlled environments - e.g. only having TCP port 80 open on dedicated web servers.

Properties of Internet Protocol (TCP/IP) in any of your network adapters

-> Advanced button

-> Options tab

Highlight TCP/IP filtering, click Properties

Configure the TCP & UDP ports you want to accept traffic on, and/or the IP protocol numbers you want to accept - note that this affects all network adapters on the system.

Another drawback of IP filtering this way is that it does not take into account the source of the attempted connections, so you can't specify one rule for internal clients and another for external ones.

Microsoft article on Windows 2000 TCP/IP features:

http://www.microsoft.com/technet/itsolutio...vg/tcpip2k.mspx

For workstation OS's the Windows Firewall is a better way of controlling which applications can act as servers, through exceptions in the Windows Firewall applet in the Control Panel.

To monitor "open" ports you can use the command line "NETSTAT -ANO" and see which are in the "listening" state.

e.g. Sample output from XP Pro:

C:\>netstat -ano
Active Connections
  Proto  Local Address		  Foreign Address		State		   PID
  TCP	0.0.0.0:135			0.0.0.0:0			  LISTENING	   1580
  TCP	0.0.0.0:445			0.0.0.0:0			  LISTENING	   4
  TCP	0.0.0.0:1723		   0.0.0.0:0			  LISTENING	   4
  TCP	0.0.0.0:3592		   0.0.0.0:0			  LISTENING	   528
  TCP	0.0.0.0:42510		  0.0.0.0:0			  LISTENING	   364
  TCP	127.0.0.1:1057		 0.0.0.0:0			  LISTENING	   128
  TCP	192.168.1.1:139		0.0.0.0:0			  LISTENING	   4

Alternatively you can run something like TCPView from SysInternals and it gives you a lot more detail too, in a fancy GUI:

http://www.sysinternals.com/Utilities/TcpView.html

Don't keep those ports open unless you require them for a server!! I can't trust unblocked ports with the internet viruses that have been going around. They can be updated to use exploits that we don't know about.

Edited by RJARRRPCGP

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...