Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

Is there a way to close port 135 on x64?


_Ramirez_
 Share

Recommended Posts

You could do this on xp by removing "Connection-oriented TCP/IP" in the "Default Protocols" tab when running dcomcnfg. Or by disabling entire DCOM on Default Properties tab.

But when you do this on x64 "netstat /ano" still shows port 135 as opened?

Link to comment
Share on other sites


Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.

Wow I didnt know that how do you go about doing that? How do you monitor what ports are open or not? Mind I am running XP Home yuck so I prob cant do that.

Link to comment
Share on other sites

Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.

Wow I didnt know that how do you go about doing that? How do you monitor what ports are open or not? Mind I am running XP Home yuck so I prob cant do that.

It is only possible to list the ports/protocols you do want to accept, you can't specify exceptions.

So to block a single port you would need to list the other 65533 individually.

This filtering interface is more for hardening servers with specific services in controlled environments - e.g. only having TCP port 80 open on dedicated web servers.

Properties of Internet Protocol (TCP/IP) in any of your network adapters

-> Advanced button

-> Options tab

Highlight TCP/IP filtering, click Properties

Configure the TCP & UDP ports you want to accept traffic on, and/or the IP protocol numbers you want to accept - note that this affects all network adapters on the system.

Another drawback of IP filtering this way is that it does not take into account the source of the attempted connections, so you can't specify one rule for internal clients and another for external ones.

Microsoft article on Windows 2000 TCP/IP features:

http://www.microsoft.com/technet/itsolutio...vg/tcpip2k.mspx

For workstation OS's the Windows Firewall is a better way of controlling which applications can act as servers, through exceptions in the Windows Firewall applet in the Control Panel.

To monitor "open" ports you can use the command line "NETSTAT -ANO" and see which are in the "listening" state.

e.g. Sample output from XP Pro:

C:\>netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1580
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3592 0.0.0.0:0 LISTENING 528
TCP 0.0.0.0:42510 0.0.0.0:0 LISTENING 364
TCP 127.0.0.1:1057 0.0.0.0:0 LISTENING 128
TCP 192.168.1.1:139 0.0.0.0:0 LISTENING 4

Alternatively you can run something like TCPView from SysInternals and it gives you a lot more detail too, in a fancy GUI:

http://www.sysinternals.com/Utilities/TcpView.html

Link to comment
Share on other sites

  • 1 month later...

Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.

Wow I didnt know that how do you go about doing that? How do you monitor what ports are open or not? Mind I am running XP Home yuck so I prob cant do that.

It is only possible to list the ports/protocols you do want to accept, you can't specify exceptions.

So to block a single port you would need to list the other 65533 individually.

This filtering interface is more for hardening servers with specific services in controlled environments - e.g. only having TCP port 80 open on dedicated web servers.

Properties of Internet Protocol (TCP/IP) in any of your network adapters

-> Advanced button

-> Options tab

Highlight TCP/IP filtering, click Properties

Configure the TCP & UDP ports you want to accept traffic on, and/or the IP protocol numbers you want to accept - note that this affects all network adapters on the system.

Another drawback of IP filtering this way is that it does not take into account the source of the attempted connections, so you can't specify one rule for internal clients and another for external ones.

Microsoft article on Windows 2000 TCP/IP features:

http://www.microsoft.com/technet/itsolutio...vg/tcpip2k.mspx

For workstation OS's the Windows Firewall is a better way of controlling which applications can act as servers, through exceptions in the Windows Firewall applet in the Control Panel.

To monitor "open" ports you can use the command line "NETSTAT -ANO" and see which are in the "listening" state.

e.g. Sample output from XP Pro:

C:\>netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1580
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3592 0.0.0.0:0 LISTENING 528
TCP 0.0.0.0:42510 0.0.0.0:0 LISTENING 364
TCP 127.0.0.1:1057 0.0.0.0:0 LISTENING 128
TCP 192.168.1.1:139 0.0.0.0:0 LISTENING 4

Alternatively you can run something like TCPView from SysInternals and it gives you a lot more detail too, in a fancy GUI:

http://www.sysinternals.com/Utilities/TcpView.html

Don't keep those ports open unless you require them for a server!! I can't trust unblocked ports with the internet viruses that have been going around. They can be updated to use exploits that we don't know about.

Edited by RJARRRPCGP
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...