Jump to content
Piriform Community Forums
Sign in to follow this  
Talldog9

Closing Ports 135 and 445 (XP)

Recommended Posts

In the event this may help someone,

 

Port 135

 

After disabling the following services: DCOM, Task Scheduler, and Distributed Transaction Coordinator (MSDTC)

 

Win+R, regedit

 

HKEY_LOCAL_MACHINE\Software\Microsoft\OLE

 

String Value: EnableDCOM

 

Set the value to N instead of Y

 

Reboot.

 

The following may or may not apply to you-

 

'Click Start menu, and then click the Run icon.

In the small box that Opens, type: Dcomcnfg.exe then click the OK button.

 

Now the Component Services window should open.

 

In the left hand pane "Expand" Component Services.

 

Right-click Computer and select Properties.

 

(For a remote computer, right-click Computer, press New, press Computer, type the ComputerName, right-click the ComputerName and press Properties.)

 

Select the Default Properties tab.

 

Clear the Enable Distributed COM on this Computer box.

 

Click the Apply button to disable DCOM.

 

Click the OK button and exit the Component Services window.

 

Shutdown and Restart your computer.'

 

It didn't apply to me...

 

 

Port 445

 

'Even after you disable local file and print sharing, Windows XP still leaves port 445 open and listening for incoming connections. If you are not using local networking, this can pose a security risk. To close this port you need to make a quick change to an entry in the Windows registry.

Here are the step-by-step instructions to close port 445 in Windows XP:

 

1.Click "Start"

2.Click "Run..."

3.Where it says "Open:" type "regedit"

4.Navigate to HKLM\System\CurrentControlSet\Services\NetBT\Parameters

5.Find the value "TransportBindName" and right-click it to open up a menu of options.

6.Click "Modify" (it is in bold text)

7.Where it says "Value data:" delete whatever is in the box so the box is blank. The blank entry is what closes the port.

8.Click "OK"

9.Close the registry and reboot.

That takes care of it, now you are much safer from other machines on your local network, or if you are plugged into a cable modem without a router.'

 

 

PS I copied this from some webpages some time ago and saved it to a text file. Don't remember where from. I personally applied these and they work.

Share this post


Link to post
Share on other sites
hey guys,have a question.

do you have this ports open even after running a test at shieldsup?

Sticking my oar in ... no, stealthed :)

 

What you have to bear in mind with something like ShieldsUp is that you may have other protection that's masking your machine's 'visibility' ... e.g. a router's firewall. But if you always connect like that it's less of an issue. It's more of an issue for things like laptops which you use out and about and you need good protection on the machine itself.

Share this post


Link to post
Share on other sites
hey guys,have a question.

do you have this ports open even after running a test at shieldsup?

WWDC can close all of them completely. For one of the ports, 135 I believe, it will prompt you with a yes no cancel dialog. When you select No it closes it completely.

Share this post


Link to post
Share on other sites
WWDC can close all of them completely. For one of the ports, 135 I believe, it will prompt you with a yes no cancel dialog. When you select No it closes it completely.

I can't remember if that's the NetBIOS port or not, but one of those can break the Internet connection if it's disabled, it can be undone however using WWDC. That's why I have to manually disable NetBIOS on my system rather than letting WWDC do it.

Edit: Nope it's not the NetBIOS port, just had a look in WWDC.

 

And Hazelnut is correct about a firewall protecting against those known vulnerable ports, even Windows Firewall is good for it as long as there aren't allot of unnecessary program exceptions in Windows Firewall.

Share this post


Link to post
Share on other sites
WWDC can close all of them completely. For one of the ports, 135 I believe, it will prompt you with a yes no cancel dialog. When you select No it closes it completely.

Quite :)

 

But my point is that as far as a test like ShieldsUp is concerned, they should show as stealthed, not closed. Stealthed means no response - not even recognition that a PC is there. Closed means, okay it's closed - but I know there's a computer there. The stealthing bit is where the firewall comes in.

 

For anyone wanting to read about the differences between open, colsed and stealthed ... https://www.grc.com/su/portstatusinfo.htm. It's an old site so beware of some out of date software recommendations, but the principles stand.

Share this post


Link to post
Share on other sites

That was a good article. People should know to enable their hardware firewalls in their router/modem too. I kept failing the ShieldsUp TruStealth because my modem firewall was off which is the default factory setting, turning it on allowed for TruStealth. I suspect the results I was getting were exactly as that article suggests since I was probably actually stealthed anyway with Windows Firewall active.

Share this post


Link to post
Share on other sites
but one of those can break the Internet connection if it's disabled

I smell cable.

 

I like seeing peoples outgoing 138/139 solicitations on my LAN. They won't see mine.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×