Jump to content

Is there a way to close port 135 on x64?

_Ramirez_

By _Ramirez_
in Windows XP 64 Bit Edition

 Share

Recommended Posts

_Ramirez_

_Ramirez_

Posted
Posted

You could do this on xp by removing "Connection-oriented TCP/IP" in the "Default Protocols" tab when running dcomcnfg. Or by disabling entire DCOM on Default Properties tab.

But when you do this on x64 "netstat /ano" still shows port 135 as opened?

Link to comment
Share on other sites

suryad

suryad

Posted
Posted
Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.

Wow I didnt know that how do you go about doing that? How do you monitor what ports are open or not? Mind I am running XP Home yuck so I prob cant do that.

Link to comment
Share on other sites
Mr Snrub

Mr Snrub

Posted
Posted

Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.

Wow I didnt know that how do you go about doing that? How do you monitor what ports are open or not? Mind I am running XP Home yuck so I prob cant do that.

It is only possible to list the ports/protocols you do want to accept, you can't specify exceptions.

So to block a single port you would need to list the other 65533 individually.

This filtering interface is more for hardening servers with specific services in controlled environments - e.g. only having TCP port 80 open on dedicated web servers.

Properties of Internet Protocol (TCP/IP) in any of your network adapters

-> Advanced button

-> Options tab

Highlight TCP/IP filtering, click Properties

Configure the TCP & UDP ports you want to accept traffic on, and/or the IP protocol numbers you want to accept - note that this affects all network adapters on the system.

Another drawback of IP filtering this way is that it does not take into account the source of the attempted connections, so you can't specify one rule for internal clients and another for external ones.

Microsoft article on Windows 2000 TCP/IP features:

http://www.microsoft.com/technet/itsolutio...vg/tcpip2k.mspx

For workstation OS's the Windows Firewall is a better way of controlling which applications can act as servers, through exceptions in the Windows Firewall applet in the Control Panel.

To monitor "open" ports you can use the command line "NETSTAT -ANO" and see which are in the "listening" state.

e.g. Sample output from XP Pro:

C:\>netstat -ano
Active Connections
  Proto  Local Address		  Foreign Address		State		   PID
  TCP	0.0.0.0:135			0.0.0.0:0			  LISTENING	   1580
  TCP	0.0.0.0:445			0.0.0.0:0			  LISTENING	   4
  TCP	0.0.0.0:1723		   0.0.0.0:0			  LISTENING	   4
  TCP	0.0.0.0:3592		   0.0.0.0:0			  LISTENING	   528
  TCP	0.0.0.0:42510		  0.0.0.0:0			  LISTENING	   364
  TCP	127.0.0.1:1057		 0.0.0.0:0			  LISTENING	   128
  TCP	192.168.1.1:139		0.0.0.0:0			  LISTENING	   4

Alternatively you can run something like TCPView from SysInternals and it gives you a lot more detail too, in a fancy GUI:

http://www.sysinternals.com/Utilities/TcpView.html

Link to comment
Share on other sites
  • 1 month later...
RJARRRPCGP

RJARRRPCGP

Posted
Posted (edited)

Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.

Wow I didnt know that how do you go about doing that? How do you monitor what ports are open or not? Mind I am running XP Home yuck so I prob cant do that.

It is only possible to list the ports/protocols you do want to accept, you can't specify exceptions.

So to block a single port you would need to list the other 65533 individually.

This filtering interface is more for hardening servers with specific services in controlled environments - e.g. only having TCP port 80 open on dedicated web servers.

Properties of Internet Protocol (TCP/IP) in any of your network adapters

-> Advanced button

-> Options tab

Highlight TCP/IP filtering, click Properties

Configure the TCP & UDP ports you want to accept traffic on, and/or the IP protocol numbers you want to accept - note that this affects all network adapters on the system.

Another drawback of IP filtering this way is that it does not take into account the source of the attempted connections, so you can't specify one rule for internal clients and another for external ones.

Microsoft article on Windows 2000 TCP/IP features:

http://www.microsoft.com/technet/itsolutio...vg/tcpip2k.mspx

For workstation OS's the Windows Firewall is a better way of controlling which applications can act as servers, through exceptions in the Windows Firewall applet in the Control Panel.

To monitor "open" ports you can use the command line "NETSTAT -ANO" and see which are in the "listening" state.

e.g. Sample output from XP Pro:

C:\>netstat -ano
Active Connections
  Proto  Local Address		  Foreign Address		State		   PID
  TCP	0.0.0.0:135			0.0.0.0:0			  LISTENING	   1580
  TCP	0.0.0.0:445			0.0.0.0:0			  LISTENING	   4
  TCP	0.0.0.0:1723		   0.0.0.0:0			  LISTENING	   4
  TCP	0.0.0.0:3592		   0.0.0.0:0			  LISTENING	   528
  TCP	0.0.0.0:42510		  0.0.0.0:0			  LISTENING	   364
  TCP	127.0.0.1:1057		 0.0.0.0:0			  LISTENING	   128
  TCP	192.168.1.1:139		0.0.0.0:0			  LISTENING	   4

Alternatively you can run something like TCPView from SysInternals and it gives you a lot more detail too, in a fancy GUI:

http://www.sysinternals.com/Utilities/TcpView.html

Don't keep those ports open unless you require them for a server!! I can't trust unblocked ports with the internet viruses that have been going around. They can be updated to use exploits that we don't know about.

Edited by RJARRRPCGP
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...