How to disable Ports 135, 137-139, 445 (Windows XP)


Post by ssj100 on 11/7/2010, 16:49

EDIT: for more comprehensive methods of disabling Ports 135, 137-139 (by using Seconfig XP and WWDC methods), please read here:
http://ssj100.fullsubject.com/windows-hardening-f5/how-to-disable-ports-135-137-139-445-windows-xp-t181-15.htm#1301


The following applies to Windows XP, but may also apply to Windows 2000, Vista, and 7 (I haven’t done the necessary research to confirm this). Also, please back-up your registry etc (or keep careful record of the BEFORE and AFTER) before attempting any of the below – if something stops working or goes wrong, you can simply reverse the changes. Keep in mind that I personally have no use for these ports to be enabled, but other systems may (including yours). Also keep in mind that I like doing these things manually (and therefore avoid the use of potentially problematic third party software/programs that can do it more automatically).

I’m only going to give a brief preamble about why these ports should be disabled. Further reading can be done via Google haha.

Essentially, all these ports have been exploited by worms in the past (and are often open by default), so that’s arguably enough reason to disable them. Keep in mind that you can configure hardware and/or software firewalls to “stealth” these ports (or block all traffic across these ports), but this isn’t as secure as disabling them completely - Firewalls can be bypassed, particularly in targeted attacks. Another reason to disable these ports (particularly port 445) is to close a potential Sandboxie bypass as described here:
http://www.wilderssecurity.com/showpost.php?p=1709792&postcount=39
http://www.sandboxie.com/phpbb/viewtopic.php?p=55014#55014

In saying that, simply having a NAT Router and/or Windows Firewall will “stealth” all these ports anyway against inbound connections. However, why keep them potentially open when you have no use for them (I certainly don’t). Also, it appears the Sandboxie bypass is (also) related to outbound connections, so it's best to just disable the port(s) from even functioning in the first place.

Before proceeding, you may want to confirm that these ports are opened on your system (being listened to). To do this, type netstat -an in a command prompt window.

To disable Port 135 (step 4 is not necessary):
http://www.pimp-my-rig.com/2008/10/faq-disable-port-135-disable-dcom.html

[1] Start by launching the registry editor.
Start » Run » regedit.

[2] Navigate over to key: HKEY_LOCAL_MACHINE\Software\Microsoft\OLE

At the right column, locate the value "EnableDCOM" and modify the value to "N"

[3] Navigate to this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC

Right click on & Modify the value named "DCOM Protocols". Under the key "Value Data", you will see values. These values keep port 135 open. Highlight everything listed and delete all existing data. Doing so gives "DCOM Protocols" blank data which will in turn close down port 135.

To disable Ports 137, 138, 139:
http://www.pimp-my-rig.com/2008/12/disable-port-137-138-139.html

[1] Right-click "My Network Places" and select "Properties" from the ensuing menu that opens.

[2] Executing the previous step opens a window showing the available network connections in the machine. Right-click on "Local Area Connection" and select "Properties".

[3] Scroll down to "Internet Protocol (TCP/IP)". Select it (to highlight it) and click "Properties".

[4] From the "Internet Protocol (TCP/IP) Properties" Window, click on "Advanced.." (toward the lower right). Then go to the "WINS" tab.

[5] Under "NetBIOS setting", tick "Disable NetBIOS over TCP/IP" and click OK to accept the change. Click OK to the other windows previously opened prior to this properties window.

To disable Port 445:

Add the following registry key:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Name: SMBDeviceEnabled
Type: DWORD (REG_DWORD)
Data: 0

Don’t forget to restart your computer after disabling the above ports for the changes to take effect. Also, to check that those ports are disabled, you can open a command prompt and type netstat -an to confirm that your computer is no longer listening to those ports.


Last edited by ssj100 on 19/7/2010, 08:41; edited 3 times in total

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
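
The netstat -an check described in the post above, as an added example that is not part of the original thread: a Python sketch that reads saved `netstat -an` output from before and after the changes and reports which of ports 135, 137-139 and 445 are still open. The sample text, addresses and function names are constructed for illustration.

```python
import re

# Ports covered by the thread: 135 (RPC/DCOM), 137-139 (NetBIOS), 445 (SMB).
WATCHED = frozenset({135, 137, 138, 139, 445})

# Constructed samples in the Windows `netstat -an` layout (not real captures).
BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1135           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      192.168.1.20:445       ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
  UDP    127.0.0.1:123          *:*
"""

# Constructed "after reboot" sample: a second adapter still has NetBIOS bound.
AFTER = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1135           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING
  UDP    127.0.0.1:123          *:*
"""

# Proto, local address, foreign address, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def open_watched_ports(netstat_text, watched=WATCHED):
    """Return sorted (proto, port, local_address) for watched ports that are open."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, local, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # e.g. an outbound session to a remote :445 is not a listener
        try:
            port = int(local.rsplit(":", 1)[1])  # exact match, so 1135 is not 135
        except (IndexError, ValueError):
            continue
        if port in watched:
            found.add((proto, port, local))
    return sorted(found)


def compare(before_text, after_text):
    """Diff two netstat captures, keyed by protocol, port and local address."""
    before = set(open_watched_ports(before_text))
    after = set(open_watched_ports(after_text))
    return {
        "closed": sorted(before - after),
        "still_open": sorted(before & after),
        "newly_open": sorted(after - before),
    }


if __name__ == "__main__":
    for state, rows in compare(BEFORE, AFTER).items():
        print(state, rows)
```

Matching on the exact local port and the LISTENING state avoids the false hits a plain text search for "135" or "445" produces on such output.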

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by noorismail on 12/7/2010, 02:21

Thanks ssj100! That was painless enough.
I made a "before" ERUNT backup, and checked netstat -an.
145 and 445 were found listening.

Ports 137-139 were not to be seen. Perhaps this could be because
of services I have disabled.

Performed the tweak to disable 145 445, rebooted, re-checked netstat -an, they were no longer visible.
Made an "after" ERUNT backup, and all seems well.

noor

_________________
ShadowDefender 1.1.0.323 Sandboxie 3.49, NAT router.
Open DNS with "Malware/Botnet Protection",
MalwareDefender,Malwarebytes on demand.

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 12/7/2010, 02:24

You mean 135, not 145 right?


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by noorismail on 12/7/2010, 02:28

Yes, 135.
Too much squinting at regedit.

I get a bit nervous in regedit.


noor

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by noorismail on 12/7/2010, 03:07

ssj100, as I said, the port range 137-139 is not active on my machine;
however, when I checked My Network Places, I found the
NetBIOS setting is default, "use NetBIOS setting from DHCP server."

Do you think I should still tick "disable NetBIOS over TCP/IP"?

Even with the ports not active?


noor

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 12/7/2010, 03:12

noorismail wrote: ssj100, as I said, the port range 137-139 is not active on my machine;
however, when I checked My Network Places, I found the
NetBIOS setting is default, "use NetBIOS setting from DHCP server."

Do you think I should still tick "disable NetBIOS over TCP/IP"?

Even with the ports not active?


noor

If the ports aren't active and you know you will never activate them, then I don't think you would need to disable them. However, the question is whether you will ever (voluntarily or involuntarily) activate them. I'm not sure if a malware process could activate them spontaneously - therefore, it's clearly safer to disable them by default.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by noorismail on 12/7/2010, 03:33

That makes sense to me.
I will go through the protocol to disable them.


noor


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 12/7/2010, 03:35

noorismail wrote: That makes sense to me.
I will go through the protocol to disable them.


noor

Sounds sensible. Disabling Ports 137-139 is very simple - as you can see, no registry tweak is needed. Therefore it's not hard to re-enable them.

By the way, I forgot to mention that you need administrator rights to do any of the above. Therefore, malware that tries to re-enable these Ports (not sure if that's possible anyway) will fail miserably if you're running as a system-wide limited user.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 12/7/2010, 15:55

Just a note that on Windows XP, disabling Port 445 as described above will give rise to an Event Viewer error (4311):
"Initialization failed because the driver device could not be created."

To avoid this error, an alternative method of disabling Port 445 is by adding the following registry key:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Name: SMBDeviceEnabled
Type: DWORD (REG_DWORD)
Data: 0


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by wat0114 on 13/7/2010, 11:37

noorismail wrote:
Do you think I should still tick "disable NetBIOS over TCP/IP"?

If you aren't file sharing, then yes. I've always checked that setting without side effects.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by arran on 13/7/2010, 14:28

Instead of wasting time going through the registry, just download and run these hardening tools to close the ports; it makes the job much easier:

Seconfig XP
Windows Worms Door Cleaner

They don't add any clutter to your PC because they are not actually installed as such, you just run them.


Last edited by arran on 13/7/2010, 14:30; edited 1 time in total

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 13/7/2010, 14:29

Yes, but it's nice to know exactly what they do. This way, you can learn a bit as you go. However, thanks for the tip arran! Please give us links?


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by arran on 13/7/2010, 14:31

Sorry, I don't have the links.

Google is your best friend

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 13/7/2010, 14:37

What exactly is the difference between Seconfig XP and Windows Worms Door Cleaner?

Just thought you'd like to give us links since you gave the idea mate. Anyway, here are some links:

http://www.softpedia.com/get/Security/Security-Related/Seconfig-XP.shtml
http://www.softpedia.com/get/Security/Firewall/Windows-Worms-Doors-Cleaner.shtml

By the way, does anyone here disable the "alg.exe" service to prevent their system spontaneously listening to Port 1025 (or other)? I've done so without any problem. Here's the key information about it that led me to think it's okay to disable it.
http://wiki.blackviper.com/wiki/Application_Layer_Gateway_Service#Windows_XP

Before the installation of Service Pack 2 or 3, this service was required for use with the Windows Firewall/Internet Connection Sharing (ICS) service. After the installation of Service Pack 2 or 3, it no longer is required.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 13/7/2010, 18:15

Just an update - I've edited the original post of this thread to reflect the best method of disabling Port 445. It's incredible how many sites (via Google) give instruction on the method I originally posted. The method that is now updated is much better/cleaner and, as already mentioned, avoids a system error.

Also those 2 tools mentioned by arran seem to do similar things with regards to closing Ports 135, 137-139 and 445. However, they both appear to do them slightly differently. For example, if you close the Ports with Seconfig XP, you'll find that Windows Worms Doors Cleaner (WWDC) will show the Ports aren't completely closed. And if you close the Ports with WWDC, you'll find that Seconfig XP will show inconsistent configuration. I suppose this is why arran uses both? If so, isn't this a little bit contradictory? One "expert" releases a program to close down Ports 135, 137-139, 445. Another "expert" releases a program to do the same thing...but they (apparently) don't really do the same thing? Sounds a bit strange to me - it almost sounds like they (or at least one of them) aren't really "experts" at all or are missing something significant respectively.

I'll leave it up to the reader as to which method(s) they want to use. Unfortunately with these third party programs, they don't tell you exactly which registry settings are being changed (I've tried searching around the web with no success). However, if you do trust these third party programs (blindly), they both have the ability (apparently) to revert their changes. Again, I must emphasise that without knowing exactly which registry settings they change, there is no way to know if the changes will accurately revert. This is why I don't like using third party programs to mess with the registry "automatically".

If someone would like to analyse these programs and post exactly which registry settings are being changed, I'd be most grateful (I may try to do this myself some time).

For now, I'm sticking with the manual method as described in the original post.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by arran on 16/7/2010, 14:14

I have been using the 2 hardening tools I posted for a long time. It has been a while since I found out what each one does in detail, so I can't remember, but I know that they do close all those ports. At the moment I am working long hours and I don't even have time to eat and sleep properly, but when I get time I will find out with Malware Defender. MD will show me what registry key edits they make and I will post back here later.

Also congrats SSJ on your forums here they are becoming very active.

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 16/7/2010, 15:10

Thanks arran. That's a good idea using MD to work out what they do - I'll try it myself in my VM soon.

However, I still don't understand why 2 different programs are needed to close 3 ports - it's clear that each program has different protocols to close the same 3 ports...this sounds a little conflicting. Perhaps there is more than one way of doing it. If so, you shouldn't need to use WWDC as well as Seconfig XP. Seconfig XP contains automatic protocols to close those 3 ports and much more.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 16/7/2010, 17:52

arran, I couldn't quite work out even with MD what each program does exactly - maybe you'll have better luck since you know MD better than me.

Regardless, I don't think anyone has publicly worked out what exactly is the difference between Seconfig XP and WWDC (specifically with regards to Ports 135, 137-139, 445). I note that even you seem to have given conflicting information about this:
http://www.wilderssecurity.com/showpost.php?p=1473331&postcount=4

Seconfig XP isn't always running as such, it is just a tool which modifies some of XP's settings by closing and disabling vulnerable ports. Windows worm cleaner does the same thing only different ports.

The fact is that Seconfig XP does what WWDC does, but much more. So in theory, if you use Seconfig XP, you don't need WWDC. However, it appears that you feel the need to use both. Again, I find this rather confusing. And as I already stated earlier:

...if you close the Ports with Seconfig XP, you'll find that Windows Worms Doors Cleaner (WWDC) will show the Ports aren't completely closed. And if you close the Ports with WWDC, you'll find that Seconfig XP will show inconsistent configuration.

Here's an illustration of the inconsistency:
1. With Seconfig XP, I disable the Ports (135, 137-139, 445) by ticking the three boxes as shown:


2. I then run WWDC and this is what it shows (as you can see, there are 2 warnings as below. Port 445 appears to be the only one that is consistently disabled):


So how do you explain this? Is Seconfig XP not properly closing Ports 135, 137-139?

It appears that both programs tweak the Registry consistently with regards to Port 445 - they both add the following registry key as I described in the original post:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Name: SMBDeviceEnabled
Type: DWORD (REG_DWORD)
Data: 0

However, with regards to the other Ports, it's anyone's guess.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by arran on 18/7/2010, 06:25

Yes, you are right; actually there doesn't appear to be any need for WWDC, you only need Seconfig XP. I should probably remove WWDC from my sig on Wilders.

Now the most effective way to make sure the ports are closed is to download and use something like CurrPorts.

Here is the situation with a fresh install:


Now with Seconfig XP tweaks enabled. As you can see, there are still 2 open ports remaining; to disable these you need to disable Application Layer Gateway and Windows Time in the Windows System Services. I presume you know how to do that.


Then once those 2 services are disabled, CurrPorts should look like this.



To see what Seconfig XP does using MD, create reg and file rules exactly like this.



And it will give you a very detailed view of every single registry edit in the logs; as you can see, it only modifies registry keys. Personally, I'm not going to go through and analyse every single reg edit, I see little point, but you can if you wish until your heart is content.












Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 18/7/2010, 11:53

Thanks again arran - I'll try that Malware Defender analysis tip some time.

Yes, it's true that the same Ports are closed by using either program. But the fact is that both use slightly different methods to "close" Ports 135, 137-139.

And using CurrPorts only checks which Ports are opened at that moment in time. I think that if eg. a service that you can potentially use is still enabled, Ports 135, 137-139 can still potentially be opened by eg. malware (especially if you run as an Admin). I suspect that WWDC still plays a role in that it shuts off related registry elements to ensure those Ports can't be enabled/opened in any way.

I could be wrong though, and that's why I was interested in exactly what Registry changes each program does.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by arran on 18/7/2010, 12:17

If you had running malware on your system, it's not just ports 135, 137-139 that malware can open; malware can open any port on your system, so you would have to disable every single port.

The reason why we should close these ports is not to prevent outgoing connections but to prevent incoming malware like worms; a classic example is the old Sasser worm coming in on port 445. And anyway, if you are sitting behind a router which denies all unrequested packets from your PC then you are safe.

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by arran on 18/7/2010, 12:32

I just want to add that these hardening tools which close the ports are old, they were mainly made for back in the days when not many people had Routers when a lot of people were using plug in modems which plug into your mother board and they did not have the protection of a Router.

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 18/7/2010, 13:53

Yes, what you've said is exactly right. To be honest, the (main) point of this exercise (personally) isn't to get more protection against malware. It's to understand what these Ports are and what services etc use them.

Unfortunately, there definitely remains a difference that I'm yet to figure out exactly - why does Seconfig XP use different methods (that is, different Registry changes) to WWDC for "closing" Ports 135, 137-139? Even in those Wilders threads, this was not resolved (and there were a few apparent "experts" that were asked too). It goes to show how complex the Windows Registry is.

By the way, those points that you made in the last couple of posts were pretty much already made in the first post of this thread by me:

In saying that, simply having a NAT Router and/or Windows Firewall will “stealth” all these ports anyway against inbound connections. However, why keep them potentially open when you have no use for them (I certainly don’t).

Also, I'm not sure how that Sandboxie bypass works exactly (the one that works on Port 445 via SMB). I think I asked tzuk about it but he didn't go into much detail. However, from what I understand, it is this specific Port (as well as 137-139 I think) that is used to bypass Sandboxie (since SMB potentially works on these Ports). Therefore, I concluded that outgoing connections would play a role as well, particularly if you were testing malware in a sandbox with no configured restrictions. Therefore, shutting these Ports down completely would be the only way to plug this Sandboxie bypass.

Anyway, tzuk has said he will address this issue (from Sandboxie's point of view) some time in the future.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 18/7/2010, 14:14

arran wrote: If you had running malware on your system, it's not just ports 135, 137-139 that malware can open; malware can open any port on your system, so you would have to disable every single port.

As I said in the previous post, these specific Ports (as well as 445) are the ones that can be used to bypass Sandboxie from within the sandbox. From what I understand, other Ports can't be used since SMB doesn't call those Ports.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 19/7/2010, 08:27

Okay, it's all rather complex, but I've managed to work out exactly what Registry keys each program adds/modifies. I'll try to simplify it:

Port 135:

Seconfig XP:

Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\DCOM Protocols
Data: ncacn_spx ncacn_nb_nb ncacn_nb_ipx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet

WWDC:

Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet\UseInternetPorts
Data: N

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\DCOM Protocols
Data:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\EnableDCOM
Data: N

Seconfig XP seems to do the same as WWDC, but doesn't quite get there? It successfully "closes" Port 135 by partially deleting the contents in "DCOM Protocols" (it specifically deletes "ncacn_ip_tcp" and leaves the rest). WWDC deletes all of the contents in "DCOM Protocols" instead. I'm not really sure, but it feels like WWDC's method locks down Port 135 better than Seconfig XP.

Furthermore, Seconfig XP creates a new Registry Key (just like WWDC) called "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet". But that's all it does! It doesn't add anything else to it, which begs the question of why this Registry key was created at all. WWDC seems to "complete" what Seconfig XP tries to do, by adding in "UseInternetPorts" and configuring it to a value of "N" (presumably disabling the use of "Internet Ports"?).

Also, WWDC disables DCOM completely by changing the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\EnableDCOM" to a value of "N". Seconfig XP doesn't bother with this.

Ports 137-139:

Seconfig XP:

Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{whole lot of random numbers and letters}\NetbiosOptions
Data: 0x00000002(2)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{another whole lot of random numbers and letters}\NetbiosOptions
Data: 0x00000002(2)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{yet another whole lot of random numbers and letters}\NetbiosOptions
Data: 0x00000002(2)

WWDC:

Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Start
Data: 0x00000004(4)

As you can see, each program "closes" Ports 137-139 completely differently. I don't have extensive knowledge about what each registry key does, but essentially Seconfig XP disables "NetBIOS over TCP/IP" the same way as I described in the original post (via the GUI), but it disables it for all 3 interfaces (whatever that means haha), instead of just the one. Whatever the case, this seems a more complete method than the one I described. WWDC on the other hand leaves this option as it is, and instead "closes" Ports 137-139 by presumably disabling the service that starts "NetBIOS over TCP/IP".

Conclusion: It appears reasonable to use both programs to disable Ports 135, 137-139, since each uses different methods (over-lapping to some extent) - it may be overkill, but there's no harm if you don't need these Ports and Services.

Note: as I already mentioned in previous posts, Port 445 is closed by exactly the same method as described in my original post, Seconfig XP and WWDC.
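
The registry values listed in the post above, turned into a state check (an added example, not part of the original thread and not code from Seconfig XP or WWDC): it reads those values with Python's `winreg` module on Windows and reports, per port group, which of the described methods is in effect and which interfaces still have NetBIOS over TCP/IP enabled. The three snapshots, the interface names and any value the thread does not state (EnableDCOM "Y", NetBT Start 1, NetbiosOptions 0) are constructed placeholders.

```python
try:
    import winreg  # present only on Windows
except ImportError:
    winreg = None

RPC = r"SOFTWARE\Microsoft\Rpc"
OLE = r"SOFTWARE\Microsoft\Ole"
NETBT = r"SYSTEM\CurrentControlSet\Services\NetBT"
IFACES = NETBT + r"\Parameters\Interfaces"


def _value(path, name):
    """Return one HKLM value, or None when the key or value is absent."""
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
            return winreg.QueryValueEx(key, name)[0]
    except OSError:
        return None


def read_snapshot():
    """Read the values named in the thread from the live registry (Windows only)."""
    if winreg is None:
        raise RuntimeError("winreg is only available on Windows")
    options = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, IFACES) as key:
        for i in range(winreg.QueryInfoKey(key)[0]):  # [0] = number of subkeys
            iface = winreg.EnumKey(key, i)
            options[iface] = _value(IFACES + "\\" + iface, "NetbiosOptions")
    return {
        "dcom_protocols": _value(RPC, "DCOM Protocols"),  # REG_MULTI_SZ -> list
        "enable_dcom": _value(OLE, "EnableDCOM"),
        "use_internet_ports": _value(RPC + r"\Internet", "UseInternetPorts"),
        "netbt_start": _value(NETBT, "Start"),
        "smb_device_enabled": _value(NETBT + r"\Parameters", "SMBDeviceEnabled"),
        "netbios_options": options,
    }


def audit(snap):
    """Map each port group to the registry-level methods currently in effect."""
    p135, p137, p445 = [], [], []
    protos = snap.get("dcom_protocols")
    if protos is not None and "ncacn_ip_tcp" not in protos:
        p135.append("DCOM Protocols emptied" if not protos else "ncacn_ip_tcp removed")
    if str(snap.get("enable_dcom")).upper() == "N":
        p135.append("EnableDCOM=N")
    if str(snap.get("use_internet_ports")).upper() == "N":
        p135.append("UseInternetPorts=N")
    if snap.get("netbt_start") == 4:  # service start type 4 = disabled
        p137.append("NetBT Start=4")
    options = snap.get("netbios_options", {})
    left = sorted(i for i, v in options.items() if v != 2)  # 2 = disabled
    if options and not left:
        p137.append("NetbiosOptions=2 on all interfaces")
    if snap.get("smb_device_enabled") == 0:
        p445.append("SMBDeviceEnabled=0")
    return {"135": p135, "137-139": p137, "445": p445, "netbios_left_on": left}


# Constructed snapshots; interface names are placeholders for the real GUIDs.
IF_A, IF_B, IF_C = "Tcpip_{IF-A}", "Tcpip_{IF-B}", "Tcpip_{IF-C}"
SECONFIG_XP = {
    "dcom_protocols": ["ncacn_spx", "ncacn_nb_nb", "ncacn_nb_ipx"],
    "enable_dcom": "Y", "use_internet_ports": None, "netbt_start": 1,
    "smb_device_enabled": 0, "netbios_options": {IF_A: 2, IF_B: 2, IF_C: 2},
}
WWDC = {
    "dcom_protocols": [], "enable_dcom": "N", "use_internet_ports": "N",
    "netbt_start": 4, "smb_device_enabled": 0,
    "netbios_options": {IF_A: 0, IF_B: 0, IF_C: 0},
}
# Manual method from the first post, with the GUI step done on one adapter only.
MANUAL_ONE_ADAPTER = {
    "dcom_protocols": [], "enable_dcom": "N", "use_internet_ports": None,
    "netbt_start": 1, "smb_device_enabled": 0,
    "netbios_options": {IF_A: 2, IF_B: 0, IF_C: 0},
}

if __name__ == "__main__":
    print(audit(read_snapshot() if winreg else MANUAL_ONE_ADAPTER))
```

An empty list for a port group means none of the methods from the thread is in effect for it; `netbios_left_on` names the interfaces the GUI step would still need to cover.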

