How to disable Ports 135, 137-139, 445 (Windows XP)

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by arran on 16/7/2010, 14:14

I have been using the 2 hardening tools I posted for a long time, it has been while when I found out what each one does in detail so I can't remember, but I know that they do close all those ports. at the moment I am working long hours and I don't even have time to eat and sleep properly but when I get time I will find out with Malware Defender, MD will show me what registry keys edits they make and I will post back here later.

Also congrats SSJ on your forums here they are becoming very active.
avatar
arran
Member
Member

Posts : 41
Join date : 2010-05-09

View user profile

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 16/7/2010, 15:10

Thanks arran. That's a good idea using MD to work out what they do - I'll try it myself in my VM soon.

However, I still don't understand why 2 different programs are needed to close 3 ports - it's clear that each program has different protocols to close the same 3 ports...this sounds a little conflicting. Perhaps there is more than one way of doing it. If so, you shouldn't need to use WWDC as well as Seconfig XP. Seconfig XP contains automatic protocols to close those 3 ports and much more.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 16/7/2010, 17:52

arran, I couldn't quite work out even with MD what each program does exactly - maybe you'll have better luck since you know MD better than me.

Regardless, I don't think anyone has publically worked out what exactly is the difference between Seconfig XP and WWDC (specifically with regards to Ports 135, 137-139, 445). I note that even you seem to have given conflicting information about this:
http://www.wilderssecurity.com/showpost.php?p=1473331&postcount=4

Seconfig XP isn't always running as such, it is just a tool which modifies some of XP's settings by closing and disabling vulnerable ports . Windows worm cleaner does the same thing only different ports.

The fact is that Seconfig XP does what WWDC does, but much more. So in theory, if you use Seconfig XP, you don't need WWDC. However, it appears that you feel the need to use both. Again, I find this rather confusing. And as I already stated earlier:

...if you close the Ports with Seconfig XP, you'll find that Windows Worms Doors Cleaner (WWDC) will show the Ports aren't completely closed. And if you close the Ports with WWDC, you'll find that Seconfig XP will show inconsistent configuration.

Here's an illustration of the inconsistency:
1. With Seconfig XP, I disable the Ports (135, 137-139, 445) by ticking the three boxes as shown:


2. I then run WWDC and this is what it shows (as you can see, there are 2 warnings as below. Port 445 appears to be the only one that is consistently disabled):


So how do you explain this? Is Seconfig XP not properly closing Ports 135, 137-139?

It appears that both programs tweak the Registry consistently with regards to Port 445 - they both add the following registry key as I described in the original post:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Name: SMBDeviceEnabled
Type: DWORD (REG_DWORD)
Data: 0

However, with regards to the other Ports, it's anyone's guess.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by arran on 18/7/2010, 06:25

Yes you are right actually there doesn't appear to be any need for WWDC you only need Seconfig XP. I should probably remove WWDC
from my sig on wilders.

Now the most effective way to make sure the ports are closed is to download and use something like Curr Ports.

here is the situation with a fresh install


Now with Seconfig XP tweaks enabled. As you can see there is still 2 open ports remaining to disable these you need to disable Application Layer Gateway and Windows Time in the windows System Services I presume you know how to do that.


Then once those 2 services are disabled Curr Ports should look like this.



To see what Seconfig XP does using MD, create reg and file rules exactly like this.



And it will give you a very detailed view of every single registry edit in the logs, as you can see it only modifies registry keys. personally I'm not going to go thru and analysis every single reg edit I see little point but you can if you wish until your heart is content.











avatar
arran
Member
Member

Posts : 41
Join date : 2010-05-09

View user profile

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 18/7/2010, 11:53

Thanks again arran - I'll try that Malware Defender analysis tip some time.

Yes, it's true that the same Ports are closed by using either program. But the fact is that both use slightly different methods to "close" Ports 135, 137-139.

And using CurrPorts only checks which Ports are opened at that moment in time. I think that if eg. a service that you can potentially use is still enabled, Ports 135, 137-139 can still potentially be opened by eg. malware (especially if you run as an Admin). I suspect that WWDC still plays a role in that it shuts off related registry elements to ensure those Ports can't be enabled/opened in any way.

I could be wrong though, and that's why I was interested in exactly what Registry changes each program does.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by arran on 18/7/2010, 12:17

If you had running malware on your system its not just ports 135, 137-139
that malware can open, malware can open any port on your system so you would have to disable every single port.

The reason why we should close these ports is not to prevent outgoing connections but to prevent incoming malware like worms, a classic example is the old sasser worm coming in on port 445. And anyway if you are sitting behind a Router which denies all Unrequested packets from your pc then you are safe
avatar
arran
Member
Member

Posts : 41
Join date : 2010-05-09

View user profile

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by arran on 18/7/2010, 12:32

I just want to add that these hardening tools which close the ports are old, they were mainly made for back in the days when not many people had Routers when a lot of people were using plug in modems which plug into your mother board and they did not have the protection of a Router.
avatar
arran
Member
Member

Posts : 41
Join date : 2010-05-09

View user profile

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 18/7/2010, 13:53

Yes, what you've said is exactly right. To be honest, the (main) point of this exercise (personally) isn't to get more protection against malware. It's to understand what these Ports are and what services etc use them.

Unfortunately, there definitely remains a difference that I'm yet to figure out exactly - why does Seconfig XP use different methods (that is, different Registry changes) to WWDC for "closing" Ports 135, 137-139? Even in those Wilders threads, this was not resolved (and there were a few apparent "experts" that were asked too). It goes to show how complex the Windows Registry is.

By the way, those points that you made in the last couple of posts were pretty much already made in the first post of this thread by me:

In saying that, simply having a NAT Router and/or Windows Firewall will “stealth” all these ports anyway against inbound connections. However, why keep them potentially open when you have no use for them (I certainly don’t).

Also, I'm not sure how that Sandboxie bypass works exactly (the one that works on Port 445 via SMB). I think I asked tzuk about it but he didn't go into much detail. However, from what I understand, it is this specific Port (as well as 137-139 I think) that is used to bypass Sandboxie (since SMB potentially work on these Ports). Therefore, I concluded that outgoing connections would play a role as well, particularly if you were testing malware in a sandbox with no configured restrictions. Therefore, shutting these Ports down completely would be the only way to plug this Sandboxie bypass.

Anyway, tzuk has said he will address this issue (from Sandboxie's point of view) some time in the future.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 18/7/2010, 14:14

arran wrote:If you had running malware on your system its not just ports 135, 137-139 that malware can open, malware can open any port on your system so you would have to disable every single port.

As I said in the previous post, these specific Ports (as well as 445) are the ones that can be used to bypass Sandboxie from within the sandbox. From what I understand, other Ports can't be used since SMB doesn't call those Ports.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 19/7/2010, 08:27

Okay, it's all rather complex, but I've managed to work out exactly what Registry keys each program adds/modifies. I'll try to simplify it:

Port 135:

Seconfig XP:

Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\DCOM Protocols
Data: ncacn_spx ncacn_nb_nb ncacn_nb_ipx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet

WWDC:

Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet\UseInternetPorts
Data: N

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\DCOM Protocols
Data:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\EnableDCOM
Data: N

Seconfig XP seems to do the same as WWDC, but doesn't quite get there? It successfully "closes" Port 135 by partially deleting the contents in "DCOM Protocols" (it specifically deletes "ncacn_ip_tcp" and leaves the rest). WWDC deletes all of the contents in "DCOM Protocols" instead. I'm not really sure, but it feels like WWDC's method locks down Port 135 better than Seconfig XP.

Furthermore, Seconfig XP creates a new Registry Key (just like WWDC) called "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet". But that's all it does! It doesn't add anything else to it, which begs the question of why this Registry key was created at all. WWDC seems to "complete" what Seconfig XP tries to do, by adding in "UseInternetPorts" and configuring it to a value of "N" (presumably disabling the use of "Internet Ports"?).

Also, WWDC disables DCOM completely by changing the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\EnableDCOM" to a value of "N". Seconfig XP doesn't bother with this.

Ports 137-139:

Seconfig XP:

Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{[i]whole lot of random numbers and letters[/i]}\NetbiosOptions
Data: 0x00000002(2)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{[i]another whole lot of random numbers and letters[/i]}\NetbiosOptions
Data: 0x00000002(2)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{yet another whole lot of random numbers and letters}\NetbiosOptions
Data: 0x00000002(2)

WWDC:

Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Start
Data: 0x00000004(4)

As you can see, each program "closes" Ports 137-139 completely differently. I don't have extensive knowledge about what each registry key does, but essentially Seconfig XP disables "NetBIOS over TCP/IP" the same way as I described in the original post (via the GUI), but it disables it for all 3 interfaces (whatever that means haha), instead of just the one. Whatever the case, this seems a more complete method than the one I described. WWDC on the other hand leaves this option as it is, and instead "closes" Ports 137-139 by presumably disabling the service that starts "NetBIOS over TCP/IP".

Conclusion: It appears reasonable to use both programs to disable Ports 135, 137-139, since each uses different methods (over-lapping to some extent) - it may be overkill, but there's no harm if you don't need these Ports and Services.

Note: as I already mentioned in previous posts, Port 445 is closed by exactly the same method as described in my original post, Seconfig XP and WWDC.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by arran on 23/7/2010, 11:30

SSJ did you end up using MD to see what registry keys they change?

with regards to Seconfig XP and WWDC using different methods and how experts can't work out why they use different methods. the answer to this is Simple. the fact is that with the registry there is different possible methods to achieve the same goal, and the makers of Seconfig XP and WWDC have just simply chosen what method they should use.
avatar
arran
Member
Member

Posts : 41
Join date : 2010-05-09

View user profile

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 23/7/2010, 11:44

arran wrote:SSJ did you end up using MD to see what registry keys they change?

with regards to Seconfig XP and WWDC using different methods and how experts can't work out why they use different methods. the answer to this is Simple. the fact is that with the registry there is different possible methods to achieve the same goal, and the makers of Seconfig XP and WWDC have just simply chosen what method they should use.

arran, please read my previous post - it pretty much has all the answers there. And yes, I did use MD to see what registry keys change.

And no, Seconfig XP and WWDC use different methods (in some ways completely differently) - read the conclusion above. Parts of their methods over-lap, but not all. What does this mean? Well, I suppose you could argue that the "experts" had differing opinions on whether to disable the related Services and Settings (for each Port) more comprehensively or not. Because of this, it is justifiable to use both Seconfig XP and WWDC on the same machine.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by Dude111 on 25/7/2010, 18:09

I think the best thing to do IS HAVE ALL YOUR PORTS BLOCKED!

I have all mine set to STEALTH and my firewall has 'SMART FILTERING' meaning nothing is allowed in UNLESS I INITIATE IT.. (All unsolicited inbound traffic is blocked (Cant get any better than that i dont think Smile))

Dude111
Member
Member

Posts : 25
Join date : 2010-07-25

View user profile

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 26/7/2010, 06:19

Dude111 wrote:I think the best thing to do IS HAVE ALL YOUR PORTS BLOCKED!

I have all mine set to STEALTH and my firewall has 'SMART FILTERING' meaning nothing is allowed in UNLESS I INITIATE IT.. (All unsolicited inbound traffic is blocked (Cant get any better than that i dont think Smile))

Actually, yes you can get better than that - completely disabling the Ports is safer than hiding them. And this is what this thread is about - how to disable the Ports, rather than how to hide (stealth) them. Most people have these Ports stealthed anyway, since they are behind a NAT Router and/or a software Firewall (even Windows XP's Firewall is enough).

Of course, disabling all your Ports means you can't do anything internet related. That's why you can just disable the "high risk" Ports, while keeping all others stealthed.

Also, disabling Ports is more secure because even if your Firewall gets bypassed by malware, those Ports still can't be used to hack/infect your system (since they are disabled).

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by Dude111 on 26/7/2010, 08:00

Sorry for the misunderstanding my friend Smile

Dude111
Member
Member

Posts : 25
Join date : 2010-07-25

View user profile

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 26/7/2010, 08:22

What misunderstanding mate. We're all learning.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by arran on 26/7/2010, 11:49

ssj100 wrote:
Dude111 wrote:I think the best thing to do IS HAVE ALL YOUR PORTS BLOCKED!

I have all mine set to STEALTH and my firewall has 'SMART FILTERING' meaning nothing is allowed in UNLESS I INITIATE IT.. (All unsolicited inbound traffic is blocked (Cant get any better than that i dont think Smile))

Actually, yes you can get better than that - completely disabling the Ports is safer than hiding them. And this is what this thread is about - how to disable the Ports, rather than how to hide (stealth) them. Most people have these Ports stealthed anyway, since they are behind a NAT Router and/or a software Firewall (even Windows XP's Firewall is enough).

Of course, disabling all your Ports means you can't do anything internet related. That's why you can just disable the "high risk" Ports, while keeping all others stealthed.

Also, disabling Ports is more secure because even if your Firewall gets bypassed by malware, those Ports still can't be used to hack/infect your system (since they are disabled).

Actually SSj I'm not to sure on this one yet I think with the tools and registry changes we have talked about here only disable and prevent the services from opening the ports, the ports are only closed not actually permanently disabled meaning that another program can open them.

with regards to the sandboxie problem with malware being able to bypass sandboxie and connect out thru port 445 my question is can malware open the port 445 as well as connect out or does the port already need to be open for the malware to connect out, Personally I don't believe so I think the port would have to be already open for the malware to by pass sandboxie and connect out.
avatar
arran
Member
Member

Posts : 41
Join date : 2010-05-09

View user profile

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 26/7/2010, 12:15

arran wrote:Actually SSj I'm not to sure on this one yet I think with the tools and registry changes we have talked about here only disable and prevent the services from opening the ports, the ports are only closed not actually permanently disabled meaning that another program can open them.

Yes, I'm not certain on this either actually. Might have to do some further research on it.

arran wrote:with regards to the sandboxie problem with malware being able to bypass sandboxie and connect out thru port 445 my question is can malware open the port 445 as well as connect out or does the port already need to be open for the malware to connect out, Personally I don't believe so I think the port would have to be already open for the malware to by pass sandboxie and connect out.

For the Sandboxie bypass, I'm fairly sure it requires the use of a specific process called Sever Message Block (SMB):
http://en.wikipedia.org/wiki/Server_Message_Block

By default, SMB listens on Port 445. This is how Sandboxie can presumably be bypassed. It's not so much closing Port 445 (or making sure nothing can open it), but it's more about disabling SMB. Seconfig XP and WWDC (both) disable SMB nicely.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 26/7/2010, 13:21

arran wrote:Actually SSj I'm not to sure on this one yet I think with the tools and registry changes we have talked about here only disable and prevent the services from opening the ports, the ports are only closed not actually permanently disabled meaning that another program can open them.

Just spent about 10-15 minutes on Google, and I still can't find a solid and comprehensive clarification about this. I can't remember where I read it, but I'm fairly sure I read somewhere (from a reliable source) that "disabling" a Port is more secure than blocking traffic across it with a Firewall.

It does appear that by disabling eg. SMB, no traffic can cross Port 445. I don't think a random program can use Port 445 and call out through it (if SMB is disabled).

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by p2u on 14/12/2010, 20:24

ssj100 wrote:Just spent about 10-15 minutes on Google, and I still can't find a solid and comprehensive clarification about this. I can't remember where I read it, but I'm fairly sure I read somewhere (from a reliable source) that "disabling" a Port is more secure than blocking traffic across it with a Firewall.
There is, of course, only one good way to block ports: removing the programs/services that keep them open. On the Internet there are many resources that instruct you to disable, but to my mind, removing is better, because anything that has been disabled can be enabled again if the circumstances are right. Additionally it is wise to have a firewall that blocks anything by default without giving the limited user the choice to take decisions. For this purpose, I use the in-built Vista firewall with Advanced security as described by Stem here. Pretty much blocks anything that hasn't been allowed. I was kind of surprised that I was able to pass all of Matousec's leaktests, although I had to resort to a little trick. For example: although I NEVER use it, IE is set as my default browser, but it can't get out because there are no rules. The in-built firewall just plainly blocks it without giving any alerts at all. Smile

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 15/12/2010, 07:55

Yes, I'd have to agree that removing the programs/services that potentially opens the ports is the best way to close them for good.

However, when running as a Limited User, it's very unlikely that a program/service would be maliciously used to re-enable a port without some sort of zero-day privilege escalation and remote code execution exploit. And if you have good protection measures in place (eg. Sandboxie), even if you were unlucky enough to come across such a combination of exploits, you would still be safe.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by Philipitous on 7/7/2013, 20:59

This is a good thread, and is visible to non-members of this forum as it comes up on a search. However it lacks a vital step. I've just done a fresh install of XP Home and followed this. Works well - cports.exe shows no open ports till you connect to the internet, then svchost opens 137 -139 in despite!

Solution: in advanced network properties disable netbios over tcp/ip (and untick enable LMHOSTs lookup for good measure.)

Thanks guys.


Philipitous
New Member
New Member

Posts : 2
Join date : 2013-07-07

View user profile

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 8/7/2013, 12:29

Philipitous wrote:This is a good thread, and is visible to non-members of this forum as it comes up on a search. However it lacks a vital step. I've just done a fresh install of XP Home and followed this. Works well - cports.exe shows no open ports till you connect to the internet, then svchost opens 137 -139 in despite!

Solution: in advanced network properties disable netbios over tcp/ip (and untick enable LMHOSTs lookup for good measure.)

Thanks guys.

That's odd, all those ports don't appear open for me even with LMHOSTs enabled. Is your computer part of a network?

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by Philipitous on 8/7/2013, 13:50

ssj100 wrote:That's odd, all those ports don't appear open for me even with LMHOSTs enabled.  Is your computer part of a network?
Not networked. Standalone with Speedtouch 330 usb modem.

I agree, LMHOSTs lookup enabled/disabled doesn't appear to make a difference.

But netbios over tcp/ip is ticked enabled by default.

Philipitous
New Member
New Member

Posts : 2
Join date : 2013-07-07

View user profile

Back to top Go down

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by Sponsored content


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum