Help - Search - Members - Calendar
Full Version: Is there a way to close port 135 on x64?
MSFN Forums > Microsoft Software Products - Discussion & Support > Windows XP > Windows XP 64 Bit Edition

   
Google Internet Forums Unattended CD/DVD Guide
_Ramirez_
Dec 14 2005, 04:48 PM
You could do this on xp by removing "Connection-oriented TCP/IP" in the "Default Protocols" tab when running dcomcnfg. Or by disabling entire DCOM on Default Properties tab.

But when you do this on x64 "netstat /ano" still shows port 135 as opened?
rjz
Dec 14 2005, 05:59 PM
In your advanced tcp ip properties there is a tcp ip filter tab. Use that if you can't block it out with a firewall.
suryad
Dec 21 2005, 01:22 PM
Wow XP 64 bit gives you manual control over your ports?
Sumedh
Dec 21 2005, 02:32 PM
Install a third party firewall like zone alarm or sygate.
cluberti
Dec 21 2005, 06:07 PM
Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.
Aegis
Dec 21 2005, 06:33 PM
Close all non-essential services that rely on RPC. You should have the port closed, not blocked. This will also close ports 1025-1027.
suryad
Dec 23 2005, 12:59 PM
QUOTE (cluberti @ Dec 21 2005, 04:07 PM) *
Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.


Wow I didnt know that how do you go about doing that? How do you monitor what ports are open or not? Mind I am running XP Home yuck so I prob cant do that.
Mr Snrub
Dec 23 2005, 05:47 PM
QUOTE (suryad @ Dec 23 2005, 12:59 PM) *
QUOTE (cluberti @ Dec 21 2005, 04:07 PM) *

Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.


Wow I didnt know that how do you go about doing that? How do you monitor what ports are open or not? Mind I am running XP Home yuck so I prob cant do that.

It is only possible to list the ports/protocols you do want to accept, you can't specify exceptions.
So to block a single port you would need to list the other 65533 individually.
This filtering interface is more for hardening servers with specific services in controlled environments - e.g. only having TCP port 80 open on dedicated web servers.

Properties of Internet Protocol (TCP/IP) in any of your network adapters
-> Advanced button
-> Options tab
Highlight TCP/IP filtering, click Properties
Configure the TCP & UDP ports you want to accept traffic on, and/or the IP protocol numbers you want to accept - note that this affects all network adapters on the system.

Another drawback of IP filtering this way is that it does not take into account the source of the attempted connections, so you can't specify one rule for internal clients and another for external ones.

Microsoft article on Windows 2000 TCP/IP features:
http://www.microsoft.com/technet/itsolutio...vg/tcpip2k.mspx

For workstation OS's the Windows Firewall is a better way of controlling which applications can act as servers, through exceptions in the Windows Firewall applet in the Control Panel.

To monitor "open" ports you can use the command line "NETSTAT -ANO" and see which are in the "listening" state.
e.g. Sample output from XP Pro:
CODE
C:\>netstat -ano
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1580
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1723           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3592           0.0.0.0:0              LISTENING       528
  TCP    0.0.0.0:42510          0.0.0.0:0              LISTENING       364
  TCP    127.0.0.1:1057         0.0.0.0:0              LISTENING       128
  TCP    192.168.1.1:139        0.0.0.0:0              LISTENING       4


Alternatively you can run something like TCPView from SysInternals and it gives you a lot more detail too, in a fancy GUI:
http://www.sysinternals.com/Utilities/TcpView.html
RJARRRPCGP
Feb 5 2006, 11:54 PM
QUOTE (Mr Snrub @ Dec 23 2005, 06:47 PM) *
QUOTE (suryad @ Dec 23 2005, 12:59 PM) *

QUOTE (cluberti @ Dec 21 2005, 04:07 PM) *

Windows 2000, XP, and 2003 all have this functionality as described by rjz. It is not specific to any of these versions; it was introduced in Windows 2000.


Wow I didnt know that how do you go about doing that? How do you monitor what ports are open or not? Mind I am running XP Home yuck so I prob cant do that.

It is only possible to list the ports/protocols you do want to accept, you can't specify exceptions.
So to block a single port you would need to list the other 65533 individually.
This filtering interface is more for hardening servers with specific services in controlled environments - e.g. only having TCP port 80 open on dedicated web servers.

Properties of Internet Protocol (TCP/IP) in any of your network adapters
-> Advanced button
-> Options tab
Highlight TCP/IP filtering, click Properties
Configure the TCP & UDP ports you want to accept traffic on, and/or the IP protocol numbers you want to accept - note that this affects all network adapters on the system.

Another drawback of IP filtering this way is that it does not take into account the source of the attempted connections, so you can't specify one rule for internal clients and another for external ones.

Microsoft article on Windows 2000 TCP/IP features:
http://www.microsoft.com/technet/itsolutio...vg/tcpip2k.mspx

For workstation OS's the Windows Firewall is a better way of controlling which applications can act as servers, through exceptions in the Windows Firewall applet in the Control Panel.

To monitor "open" ports you can use the command line "NETSTAT -ANO" and see which are in the "listening" state.
e.g. Sample output from XP Pro:
CODE
C:\>netstat -ano
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1580
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1723           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3592           0.0.0.0:0              LISTENING       528
  TCP    0.0.0.0:42510          0.0.0.0:0              LISTENING       364
  TCP    127.0.0.1:1057         0.0.0.0:0              LISTENING       128
  TCP    192.168.1.1:139        0.0.0.0:0              LISTENING       4


Alternatively you can run something like TCPView from SysInternals and it gives you a lot more detail too, in a fancy GUI:
http://www.sysinternals.com/Utilities/TcpView.html


Don't keep those ports open unless you require them for a server!! I can't trust unblocked ports with the internet viruses that have been going around. They can be updated to use exploits that we don't know about.
suryad
Feb 6 2006, 12:15 PM
Sorry I lost track of this thread. Thanks for all the great information you guys.
Gouki
Feb 12 2006, 07:12 PM
Owww. Good information.

Im gonna start Permiting Only the ones I need. Just found a cool list of ports used by applcations.
Google Internet Forums Unattended CD/DVD Guide
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.