Closing Ports 135 and 445 (XP)


12 replies to this topic

#1 OFFLINE Talldog9

Talldog9

    Power Member

  • Members
  • 546 posts
  • Gender:Male
  • Location:Newport, KY

Posted 08 February 2010 - 10:30 PM

In the event this may help someone,

Port 135

After disabling the following services: DCOM, Task Scheduler, and Distributed Transaction Coordinator (MSDTC)

Win+R, regedit

HKEY_LOCAL_MACHINE\Software\Microsoft\OLE

String Value: EnableDCOM

Set the value to N instead of Y

Reboot.

The following may or may not apply to you-

'Click Start menu, and then click the Run icon.
In the small box that Opens, type: Dcomcnfg.exe then click the OK button.

Now the Component Services window should open.

In the left hand pane "Expand" Component Services.

Right-click Computer and select Properties.

(For a remote computer, right-click Computer, press New, press Computer, type the ComputerName, right-click the ComputerName and press Properties.)

Select the Default Properties tab.

Clear the Enable Distributed COM on this Computer box.

Click the Apply button to disable DCOM.

Click the OK button and exit the Component Services window.

Shutdown and Restart your computer.'

It didn't apply to me...


Port 445

'Even after you disable local file and print sharing, Windows XP still leaves port 445 open and listening for incoming connections. If you are not using local networking, this can pose a security risk. To close this port you need to make a quick change to an entry in the Windows registry.
Here are the step-by-step instructions to close port 445 in Windows XP:

1. Click "Start"
2. Click "Run..."
3. Where it says "Open:" type "regedit"
4. Navigate to HKLM\System\CurrentControlSet\Services\NetBT\Parameters
5. Find the value "TransportBindName" and right-click it to open up a menu of options.
6. Click "Modify" (it is in bold text)
7. Where it says "Value data:" delete whatever is in the box so the box is blank. The blank entry is what closes the port.
8. Click "OK"
9. Close the registry and reboot.
That takes care of it, now you are much safer from other machines on your local network, or if you are plugged into a cable modem without a router.'


PS I copied this from some webpages some time ago and saved it to a text file. Don't remember where from. I personally applied these and they work.
The internet - Where men are men, women are men and children are FBI agents.
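
A way to confirm the result of the steps in post #1 after the reboot, as an added example that is not part of the original post: the Python sketch below reads `netstat -an` output and reports anything still bound to local ports 135 or 445. Both sample outputs are constructed, and the function name `bound_ports` is an assumption of this example.

```python
# Added example (not from the thread). The two samples are constructed text
# in the column layout that Windows `netstat -an` prints.
SAMPLE_BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1047      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

SAMPLE_AFTER = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1052      203.0.113.7:445        ESTABLISHED
  UDP    192.168.1.20:137       *:*
"""


def bound_ports(netstat_text, watch=(135, 445)):
    """Return (proto, local_address, port) for every watched port still bound locally."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""
        # For TCP only a LISTENING socket is an open port; an outbound
        # connection *to* a remote port 445 must not be counted.
        if proto == "TCP" and state != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")  # rpartition also copes with [::]:135
        if port.isdigit() and int(port) in watch:
            hits.append((proto, addr, int(port)))
    return hits


if __name__ == "__main__":
    print("before:", bound_ports(SAMPLE_BEFORE))
    print("after: ", bound_ports(SAMPLE_AFTER))
```

To use it on a real machine, save the output of `netstat -an` to a text file and pass the file's contents to `bound_ports`; an empty list means neither port is bound.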

#2 OFFLINE Andavari

Andavari

    .

  • Moderators
  • 16,349 posts
  • Gender:Male
  • Location:U.S.A.

Posted 09 February 2010 - 01:02 AM

WWDC can do all that automatically and more.

If using WWDC breaks the connection you can instead manually disable NetBIOS.

Piriform software help documentation is available at: http://www.piriform.com/docs

 

Don't PM me for advice! I'll only ask you to read forum rule #15.


#3 OFFLINE Talldog9

Talldog9

    Power Member

  • Members
  • 546 posts
  • Gender:Male
  • Location:Newport, KY

Posted 09 February 2010 - 02:14 AM

WWDC can do all that automatically and more.

If using WWDC breaks the connection you can instead manually disable NetBIOS.


HMMM quite true sir. I wasn't aware until now the recent versions had capabilities to close the ports completely.

#4 OFFLINE aqua

aqua

    Advanced Member

  • Members
  • 302 posts

Posted 09 February 2010 - 11:25 AM

Hey guys, have a question.
Do you have these ports open even after running a test at ShieldsUp?

#5 OFFLINE marmite

marmite

    Relax, it's only ones and zeros!

  • Members
  • 877 posts
  • Location:UK

Posted 09 February 2010 - 11:44 AM

Hey guys, have a question.
Do you have these ports open even after running a test at ShieldsUp?

Sticking my oar in ... no, stealthed :)

What you have to bear in mind with something like ShieldsUp is that you may have other protection that's masking your machine's 'visibility' ... e.g. a router's firewall. But if you always connect like that it's less of an issue. It's more of an issue for things like laptops which you use out and about and you need good protection on the machine itself.

#6 OFFLINE Talldog9

Talldog9

    Power Member

  • Members
  • 546 posts
  • Gender:Male
  • Location:Newport, KY

Posted 09 February 2010 - 08:49 PM

Hey guys, have a question.
Do you have these ports open even after running a test at ShieldsUp?

WWDC can close all of them completely. For one of the ports, 135 I believe, it will prompt you with a yes no cancel dialog. When you select No it closes it completely.

#7 ONLINE hazelnut

hazelnut

    try to stay calm

  • Moderators
  • 12,635 posts
  • Gender:Female
  • Location:Huddersfield uk

Posted 10 February 2010 - 02:07 AM

Most software firewalls have these ports restricted by default on install.
CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND HERE

http://www.piriform.com/docs

#8 OFFLINE Andavari

Andavari

    .

  • Moderators
  • 16,349 posts
  • Gender:Male
  • Location:U.S.A.

Posted 10 February 2010 - 03:05 AM

WWDC can close all of them completely. For one of the ports, 135 I believe, it will prompt you with a yes no cancel dialog. When you select No it closes it completely.

I can't remember if that's the NetBIOS port or not, but one of those can break the Internet connection if it's disabled, it can be undone however using WWDC. That's why I have to manually disable NetBIOS on my system rather than letting WWDC do it.
Edit: Nope it's not the NetBIOS port, just had a look in WWDC.

And Hazelnut is correct about a firewall protecting against those known vulnerable ports, even Windows Firewall is good for it as long as there aren't a lot of unnecessary program exceptions in Windows Firewall.



#9 OFFLINE marmite

marmite

    Relax, it's only ones and zeros!

  • Members
  • 877 posts
  • Location:UK

Posted 10 February 2010 - 03:46 AM

WWDC can close all of them completely. For one of the ports, 135 I believe, it will prompt you with a yes no cancel dialog. When you select No it closes it completely.

Quite :)

But my point is that as far as a test like ShieldsUp is concerned, they should show as stealthed, not closed. Stealthed means no response - not even recognition that a PC is there. Closed means, okay it's closed - but I know there's a computer there. The stealthing bit is where the firewall comes in.

For anyone wanting to read about the differences between open, closed and stealthed ... https://www.grc.com/...tstatusinfo.htm. It's an old site so beware of some out of date software recommendations, but the principles stand.
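
The three states described in post #9, as an added example that is not part of the original thread: a TCP connect that completes means open, a refusal (reset) means closed, and no answer before the timeout is what ShieldsUp reports as stealth. The function names and the loopback self-check are assumptions of this example, which is meant for checking your own machine.

```python
import socket


def classify(host, port, timeout=2.0):
    """Return 'open', 'closed', 'stealth' or 'unknown' for one TCP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"      # handshake completed: a service is listening
        except ConnectionRefusedError:
            return "closed"    # host answered with a reset: no listener, but the PC is visible
        except socket.timeout:
            return "stealth"   # no reply at all: a firewall dropped the packet
        except OSError:
            return "unknown"   # e.g. no route to host / ICMP unreachable


def loopback_self_check():
    """Constructed check on 127.0.0.1: a listener reads as open, then closed once it is gone."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))        # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = classify("127.0.0.1", port)
    srv.close()
    after_close = classify("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print("self-check:", loopback_self_check())
    for p in (135, 445):
        print(p, classify("127.0.0.1", p))
```

Run it from a second machine on the same LAN (replacing 127.0.0.1 with the PC's address) to see what the PC itself answers; loopback traffic normally bypasses the firewall, so "stealth" only shows up when the test crosses it.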

#10 ONLINE hazelnut

hazelnut

    try to stay calm

  • Moderators
  • 12,635 posts
  • Gender:Female
  • Location:Huddersfield uk

Posted 10 February 2010 - 04:38 AM

Perhaps a timely mention might be made here of using shields up when having a router. Often the site is just testing the router.

A fairly good explanation here

http://onlinearmorpe...ds-up-test.html

#11 OFFLINE marmite

marmite

    Relax, it's only ones and zeros!

  • Members
  • 877 posts
  • Location:UK

Posted 10 February 2010 - 05:05 AM

Perhaps a timely mention might be made here of using shields up when having a router. Often the site is just testing the router.

A fairly good explanation here

http://onlinearmorpe...ds-up-test.html

Yep I'm sure it's something that's frequently overlooked.

Good article.

#12 OFFLINE Andavari

Andavari

    .

  • Moderators
  • 16,349 posts
  • Gender:Male
  • Location:U.S.A.

Posted 10 February 2010 - 04:15 PM

That was a good article. People should know to enable their hardware firewalls in their router/modem too. I kept failing the ShieldsUp TruStealth because my modem firewall was off, which is the default factory setting; turning it on allowed for TruStealth. I suspect the results I was getting were exactly as that article suggests since I was probably actually stealthed anyway with Windows Firewall active.



#13 OFFLINE Talldog9

Talldog9

    Power Member

  • Members
  • 546 posts
  • Gender:Male
  • Location:Newport, KY

Posted 11 February 2010 - 02:29 AM

but one of those can break the Internet connection if it's disabled

I smell cable.

I like seeing people's outgoing 138/139 solicitations on my LAN. They won't see mine.