_Ramirez_ Posted December 14, 2005

You could do this on XP by removing "Connection-oriented TCP/IP" in the "Default Protocols" tab when running dcomcnfg, or by disabling DCOM entirely on the Default Properties tab. But when you do this on x64, "netstat /ano" still shows port 135 as opened?

rjz Posted December 14, 2005

In your advanced TCP/IP properties there is a TCP/IP filter tab. Use that if you can't block it out with a firewall.

suryad Posted December 21, 2005

Wow, XP 64-bit gives you manual control over your ports?

Sumedh Posted December 21, 2005

Install a third-party firewall like ZoneAlarm or Sygate.

cluberti Posted December 22, 2005

Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.

Aegis Posted December 22, 2005

Close all non-essential services that rely on RPC. You should have the port closed, not blocked. This will also close ports 1025-1027.

suryad Posted December 23, 2005

> Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.

Wow, I didn't know that. How do you go about doing that? How do you monitor what ports are open or not? Mind, I am running XP Home (yuck), so I prob can't do that.

Mr Snrub Posted December 23, 2005

> > Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.
>
> Wow, I didn't know that. How do you go about doing that? How do you monitor what ports are open or not? Mind, I am running XP Home (yuck), so I prob can't do that.

It is only possible to list the ports/protocols you do want to accept; you can't specify exceptions. So to block a single port you would need to list the other 65533 individually.

This filtering interface is more for hardening servers with specific services in controlled environments - e.g. only having TCP port 80 open on dedicated web servers.

Properties of Internet Protocol (TCP/IP) in any of your network adapters
-> Advanced button
-> Options tab
Highlight TCP/IP filtering, click Properties
Configure the TCP & UDP ports you want to accept traffic on, and/or the IP protocol numbers you want to accept - note that this affects all network adapters on the system.

Another drawback of IP filtering this way is that it does not take into account the source of the attempted connections, so you can't specify one rule for internal clients and another for external ones.

Microsoft article on Windows 2000 TCP/IP features:
http://www.microsoft.com/technet/itsolutio...vg/tcpip2k.mspx

For workstation OS's the Windows Firewall is a better way of controlling which applications can act as servers, through exceptions in the Windows Firewall applet in the Control Panel.

To monitor "open" ports you can use the command line "NETSTAT -ANO" and see which are in the "listening" state.

e.g. Sample output from XP Pro:

    C:\>netstat -ano

    Active Connections

      Proto  Local Address          Foreign Address        State           PID
      TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1580
      TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:1723           0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:3592           0.0.0.0:0              LISTENING       528
      TCP    0.0.0.0:42510          0.0.0.0:0              LISTENING       364
      TCP    127.0.0.1:1057         0.0.0.0:0              LISTENING       128
      TCP    192.168.1.1:139        0.0.0.0:0              LISTENING       4

Alternatively you can run something like TCPView from SysInternals and it gives you a lot more detail too, in a fancy GUI:
http://www.sysinternals.com/Utilities/TcpView.html

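Added example, not part of any post in this thread: a Python script that reads `netstat -ano` text like the sample above, keeps only sockets in the LISTENING state, and groups the ports reachable from the network by owning PID. The names `listeners`, `bind_scope` and `exposed_by_pid` are hypothetical, and only IPv4 TCP rows are parsed.

```python
import re
from collections import namedtuple

# Rows copied from the netstat -ano output in the post above; the final
# ESTABLISHED row is constructed to show that non-listeners are skipped.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1580
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1723           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3592           0.0.0.0:0              LISTENING       528
  TCP    0.0.0.0:42510          0.0.0.0:0              LISTENING       364
  TCP    127.0.0.1:1057         0.0.0.0:0              LISTENING       128
  TCP    192.168.1.1:139        0.0.0.0:0              LISTENING       4
  TCP    192.168.1.1:3601       192.168.1.20:80        ESTABLISHED     2044
"""

Listener = namedtuple("Listener", "addr port pid scope")

# IPv4 TCP rows: proto, local addr, local port, foreign addr, state, PID
ROW = re.compile(r"^\s*(TCP)\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+\S+\s+(\S+)\s+(\d+)\s*$")

def bind_scope(addr):
    """Classify who can reach a listener from its local bind address."""
    if addr == "0.0.0.0":
        return "all-interfaces"
    if addr.startswith("127."):
        return "loopback-only"
    return "single-interface"

def listeners(text):
    """Return the TCP sockets in the LISTENING state."""
    found = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(4) == "LISTENING":
            addr, port, pid = m.group(2), int(m.group(3)), int(m.group(5))
            found.append(Listener(addr, port, pid, bind_scope(addr)))
    return found

def exposed_by_pid(text):
    """Group ports that are not loopback-only by the PID that owns them."""
    by_pid = {}
    for sock in listeners(text):
        if sock.scope != "loopback-only":
            by_pid.setdefault(sock.pid, []).append(sock.port)
    return by_pid

if __name__ == "__main__":
    for pid, ports in sorted(exposed_by_pid(SAMPLE).items()):
        print(f"PID {pid}: {ports}")
```

Feed it the text of `netstat -ano` from the machine being checked; the PIDs can then be matched to processes in Task Manager or TCPView.
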
RJARRRPCGP Posted February 6, 2006 (edited)

> > > Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.
> >
> > Wow, I didn't know that. How do you go about doing that? How do you monitor what ports are open or not? Mind, I am running XP Home (yuck), so I prob can't do that.
>
> It is only possible to list the ports/protocols you do want to accept; you can't specify exceptions. So to block a single port you would need to list the other 65533 individually.
>
> This filtering interface is more for hardening servers with specific services in controlled environments - e.g. only having TCP port 80 open on dedicated web servers.
>
> Properties of Internet Protocol (TCP/IP) in any of your network adapters
> -> Advanced button
> -> Options tab
> Highlight TCP/IP filtering, click Properties
> Configure the TCP & UDP ports you want to accept traffic on, and/or the IP protocol numbers you want to accept - note that this affects all network adapters on the system.
>
> Another drawback of IP filtering this way is that it does not take into account the source of the attempted connections, so you can't specify one rule for internal clients and another for external ones.
>
> Microsoft article on Windows 2000 TCP/IP features:
> http://www.microsoft.com/technet/itsolutio...vg/tcpip2k.mspx
>
> For workstation OS's the Windows Firewall is a better way of controlling which applications can act as servers, through exceptions in the Windows Firewall applet in the Control Panel.
>
> To monitor "open" ports you can use the command line "NETSTAT -ANO" and see which are in the "listening" state.
>
> e.g. Sample output from XP Pro:
>
>     C:\>netstat -ano
>
>     Active Connections
>
>       Proto  Local Address          Foreign Address        State           PID
>       TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1580
>       TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
>       TCP    0.0.0.0:1723           0.0.0.0:0              LISTENING       4
>       TCP    0.0.0.0:3592           0.0.0.0:0              LISTENING       528
>       TCP    0.0.0.0:42510          0.0.0.0:0              LISTENING       364
>       TCP    127.0.0.1:1057         0.0.0.0:0              LISTENING       128
>       TCP    192.168.1.1:139        0.0.0.0:0              LISTENING       4
>
> Alternatively you can run something like TCPView from SysInternals and it gives you a lot more detail too, in a fancy GUI:
> http://www.sysinternals.com/Utilities/TcpView.html

Don't keep those ports open unless you require them for a server!! I can't trust unblocked ports with the internet viruses that have been going around. They can be updated to use exploits that we don't know about.

Edited February 6, 2006 by RJARRRPCGP

suryad Posted February 6, 2006

Sorry, I lost track of this thread. Thanks for all the great information, you guys.

Gouki Posted February 13, 2006

Owww. Good information. I'm gonna start permitting only the ones I need. Just found a cool list of ports used by applications.