12 replies to this topic

[Talldog9]

In the event this may help someone,

Port 135

After disabling the following services: DCOM, Task Scheduler, and Distributed Transaction Coordinator (MSDTC)

Win+R, regedit

HKEY_LOCAL_MACHINE\Software\Microsoft\OLE

String Value: EnableDCOM

Set the value to N instead of Y

Reboot.

The following may or may not apply to you-

'Click Start menu, and then click the Run icon.
In the small box that Opens, type: Dcomcnfg.exe then click the OK button.

Now the Component Services window should open.

In the left hand pane "Expand" Component Services.

Right-click Computer and select Properties.

(For a remote computer, right-click Computer, press New, press Computer, type the ComputerName, right-click the ComputerName and press Properties.)

Select the Default Properties tab.

Clear the Enable Distributed COM on this Computer box.

Click the Apply button to disable DCOM.

Click the OK button and exit the Component Services window.

Shutdown and Restart your computer.'

It didn't apply to me...


Port 445

'Even after you disable local file and print sharing, Windows XP still leaves port 445 open and listening for incoming connections. If you are not using local networking, this can pose a security risk. To close this port you need to make a quick change to an entry in the Windows registry.
Here are the step-by-step instructions to close port 445 in Windows XP:

1.Click "Start"
2.Click "Run..."
3.Where it says "Open:" type "regedit"
4.Navigate to HKLM\System\CurrentControlSet\Services\NetBT\Parameters
5.Find the value "TransportBindName" and right-click it to open up a menu of options.
6.Click "Modify" (it is in bold text)
7.Where it says "Value data:" delete whatever is in the box so the box is blank. The blank entry is what closes the port.
8.Click "OK"
9.Close the registry and reboot.
That takes care of it, now you are much safer from other machines on your local network, or if you are plugged into a cable modem without a router.'


PS I copied this from some webpages some time ago and saved it to a text file. Don't remember where from. I personally applied these and they work.

[Andavari]

WWDC can do all that automatically and more.

If using WWDC breaks the connection you can instead manually disable NetBIOS.

[Talldog9]

Andavari, on Feb 9 2010, 01:02 AM, said:

WWDC can do all that automatically and more.

If using WWDC breaks the connection you can instead manually disable NetBIOS.

HMMM quite true sir. I wasn't aware until now the recent versions had capabilities to close the ports completely.

[aqua]

hey guys,have a question.
do you have this ports open even after running a test at shieldsup?

[marmite]

aqua, on Feb 9 2010, 04:25 PM, said:

hey guys,have a question.
do you have this ports open even after running a test at shieldsup?

Sticking my oar in ... no, stealthed

What you have to bear in mind with something like ShieldsUp is that you may have other protection that's masking your machine's 'visibility' ... e.g. a router's firewall. But if you always connect like that it's less of an issue. It's more of an issue for things like laptops which you use out and about and you need good protection on the machine itself.

[Talldog9]

aqua, on Feb 9 2010, 11:25 AM, said:

hey guys,have a question.
do you have this ports open even after running a test at shieldsup?

WWDC can close all of them completely. For one of the ports, 135 I believe, it will prompt you with a yes no cancel dialog. When you select No it closes it completely.

[hazelnut]

Most software firewalls have these port restricted by default on install.

[Andavari]

Talldog9, on Feb 9 2010, 07:49 PM, said:

WWDC can close all of them completely. For one of the ports, 135 I believe, it will prompt you with a yes no cancel dialog. When you select No it closes it completely.

I can't remember if that's the NetBIOS port or not, but one of those can break the Internet connection if it's disabled, it can be undone however using WWDC. That's why I have to manually disable NetBIOS on my system rather than letting WWDC do it.
Edit: Nope it's not the NetBIOS port, just had a look in WWDC.

And Hazelnut is correct about a firewall protecting against those known vulnerable ports, even Windows Firewall is good for it as long as there aren't allot of unnecessary program exceptions in Windows Firewall.

[marmite]

Talldog9, on Feb 10 2010, 01:49 AM, said:

WWDC can close all of them completely. For one of the ports, 135 I believe, it will prompt you with a yes no cancel dialog. When you select No it closes it completely.

Quite

But my point is that as far as a test like ShieldsUp is concerned, they should show as stealthed, not closed. Stealthed means no response - not even recognition that a PC is there. Closed means, okay it's closed - but I know there's a computer there. The stealthing bit is where the firewall comes in.

For anyone wanting to read about the differences between open, colsed and stealthed ... https://www.grc.com/...tstatusinfo.htm. It's an old site so beware of some out of date software recommendations, but the principles stand.

[hazelnut]

Perhaps a timely mention might be made here of using shields up when having a router. Often the site is just testing the router.

A fairly good explanation here

http://onlinearmorpersonalfirewall.blogspo...ds-up-test.html

[marmite]

hazelnut, on Feb 10 2010, 09:38 AM, said:

Perhaps a timely mention might be made here of using shields up when having a router. Often the site is just testing the router.

A fairly good explanation here

http://onlinearmorpersonalfirewall.blogspo...ds-up-test.html

Yep I'm sure it's something that's frequently overlooked.

Good article.

[Andavari]

That was a good article. People should know to enable their hardware firewalls in their router/modem too. I kept failing the ShieldsUp TruStealth because my modem firewall was off which is the default factory setting, turning it on allowed for TruStealth. I suspect the results I was getting were exactly as that article suggests since I was probably actually stealthed anyway with Windows Firewall active.

[Talldog9]

Andavari, on Feb 10 2010, 03:05 AM, said:

but one of those can break the Internet connection if it's disabled

I smell cable.

I like seeing peoples outgoing 138/139 solicitations on my LAN. They won't see mine.