How to disable Ports 135, 137-139, 445 (Windows XP)


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by arran on 23/7/2010, 11:30

SSJ did you end up using MD to see what registry keys they change?

With regards to Seconfig XP and WWDC using different methods and how experts can't work out why they use different methods, the answer to this is simple. The fact is that with the registry there are different possible methods to achieve the same goal, and the makers of Seconfig XP and WWDC have just simply chosen what method they should use.

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 23/7/2010, 11:44

arran wrote: SSJ did you end up using MD to see what registry keys they change?

With regards to Seconfig XP and WWDC using different methods and how experts can't work out why they use different methods, the answer to this is simple. The fact is that with the registry there are different possible methods to achieve the same goal, and the makers of Seconfig XP and WWDC have just simply chosen what method they should use.

arran, please read my previous post - it pretty much has all the answers there. And yes, I did use MD to see what registry keys change.

And no, Seconfig XP and WWDC use different methods (in some ways completely different) - read the conclusion above. Parts of their methods overlap, but not all. What does this mean? Well, I suppose you could argue that the "experts" had differing opinions on whether to disable the related Services and Settings (for each Port) more comprehensively or not. Because of this, it is justifiable to use both Seconfig XP and WWDC on the same machine.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by Dude111 on 25/7/2010, 18:09

I think the best thing to do IS HAVE ALL YOUR PORTS BLOCKED!

I have all mine set to STEALTH and my firewall has 'SMART FILTERING', meaning nothing is allowed in UNLESS I INITIATE IT. (All unsolicited inbound traffic is blocked. Can't get any better than that, I don't think :))


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 26/7/2010, 06:19

Dude111 wrote: I think the best thing to do IS HAVE ALL YOUR PORTS BLOCKED!

I have all mine set to STEALTH and my firewall has 'SMART FILTERING', meaning nothing is allowed in UNLESS I INITIATE IT. (All unsolicited inbound traffic is blocked. Can't get any better than that, I don't think :))

Actually, yes you can get better than that - completely disabling the Ports is safer than hiding them. And this is what this thread is about - how to disable the Ports, rather than how to hide (stealth) them. Most people have these Ports stealthed anyway, since they are behind a NAT Router and/or a software Firewall (even Windows XP's Firewall is enough).

Of course, disabling all your Ports means you can't do anything internet related. That's why you can just disable the "high risk" Ports, while keeping all others stealthed.

Also, disabling Ports is more secure because even if your Firewall gets bypassed by malware, those Ports still can't be used to hack/infect your system (since they are disabled).


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by Dude111 on 26/7/2010, 08:00

Sorry for the misunderstanding my friend :)


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 26/7/2010, 08:22

What misunderstanding, mate? We're all learning.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by arran on 26/7/2010, 11:49

ssj100 wrote:
Dude111 wrote: I think the best thing to do IS HAVE ALL YOUR PORTS BLOCKED!

I have all mine set to STEALTH and my firewall has 'SMART FILTERING', meaning nothing is allowed in UNLESS I INITIATE IT. (All unsolicited inbound traffic is blocked. Can't get any better than that, I don't think :))

Actually, yes you can get better than that - completely disabling the Ports is safer than hiding them. And this is what this thread is about - how to disable the Ports, rather than how to hide (stealth) them. Most people have these Ports stealthed anyway, since they are behind a NAT Router and/or a software Firewall (even Windows XP's Firewall is enough).

Of course, disabling all your Ports means you can't do anything internet related. That's why you can just disable the "high risk" Ports, while keeping all others stealthed.

Also, disabling Ports is more secure because even if your Firewall gets bypassed by malware, those Ports still can't be used to hack/infect your system (since they are disabled).

Actually SSJ, I'm not too sure on this one yet. I think the tools and registry changes we have talked about here only disable and prevent the services from opening the ports; the ports are only closed, not actually permanently disabled, meaning that another program can open them.

With regards to the Sandboxie problem with malware being able to bypass Sandboxie and connect out through port 445, my question is: can malware open port 445 as well as connect out, or does the port already need to be open for the malware to connect out? Personally I don't believe so; I think the port would have to be already open for the malware to bypass Sandboxie and connect out.

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 26/7/2010, 12:15

arran wrote: Actually SSJ, I'm not too sure on this one yet. I think the tools and registry changes we have talked about here only disable and prevent the services from opening the ports; the ports are only closed, not actually permanently disabled, meaning that another program can open them.

Yes, I'm not certain on this either actually. Might have to do some further research on it.

arran wrote: With regards to the Sandboxie problem with malware being able to bypass Sandboxie and connect out through port 445, my question is: can malware open port 445 as well as connect out, or does the port already need to be open for the malware to connect out? Personally I don't believe so; I think the port would have to be already open for the malware to bypass Sandboxie and connect out.

For the Sandboxie bypass, I'm fairly sure it requires the use of a specific process called Server Message Block (SMB):
http://en.wikipedia.org/wiki/Server_Message_Block

By default, SMB listens on Port 445. This is how Sandboxie can presumably be bypassed. It's not so much closing Port 445 (or making sure nothing can open it), but it's more about disabling SMB. Seconfig XP and WWDC (both) disable SMB nicely.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 26/7/2010, 13:21

arran wrote: Actually SSJ, I'm not too sure on this one yet. I think the tools and registry changes we have talked about here only disable and prevent the services from opening the ports; the ports are only closed, not actually permanently disabled, meaning that another program can open them.

Just spent about 10-15 minutes on Google, and I still can't find a solid and comprehensive clarification about this. I can't remember where I read it, but I'm fairly sure I read somewhere (from a reliable source) that "disabling" a Port is more secure than blocking traffic across it with a Firewall.

It does appear that by disabling eg. SMB, no traffic can cross Port 445. I don't think a random program can use Port 445 and call out through it (if SMB is disabled).


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by avillom on 14/12/2010, 01:06

Here is one more ports closing program:
http://www.zebulon.fr/files/ZebProtect_en.exe

An explanation:
http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&sl=fr&tl=en&u=http%3A%2F%2Fwww.zebulon.fr%2Fdossiers%2F40-zebprotect.html

PS: Nice forum, I really like it.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by p2u on 14/12/2010, 20:24

ssj100 wrote: Just spent about 10-15 minutes on Google, and I still can't find a solid and comprehensive clarification about this. I can't remember where I read it, but I'm fairly sure I read somewhere (from a reliable source) that "disabling" a Port is more secure than blocking traffic across it with a Firewall.

There is, of course, only one good way to block ports: removing the programs/services that keep them open. On the Internet there are many resources that instruct you to disable, but to my mind, removing is better, because anything that has been disabled can be enabled again if the circumstances are right. Additionally it is wise to have a firewall that blocks anything by default without giving the limited user the choice to make decisions. For this purpose, I use the in-built Vista firewall with Advanced security as described by Stem here. Pretty much blocks anything that hasn't been allowed. I was kind of surprised that I was able to pass all of Matousec's leaktests, although I had to resort to a little trick. For example: although I NEVER use it, IE is set as my default browser, but it can't get out because there are no rules. The in-built firewall just plainly blocks it without giving any alerts at all. :)

Paul


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 15/12/2010, 07:55

Yes, I'd have to agree that removing the programs/services that potentially open the ports is the best way to close them for good.

However, when running as a Limited User, it's very unlikely that a program/service would be maliciously used to re-enable a port without some sort of zero-day privilege escalation and remote code execution exploit. And if you have good protection measures in place (eg. Sandboxie), even if you were unlucky enough to come across such a combination of exploits, you would still be safe.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by Philipitous on 7/7/2013, 20:59

This is a good thread, and is visible to non-members of this forum as it comes up on a search. However it lacks a vital step. I've just done a fresh install of XP Home and followed this. Works well - cports.exe shows no open ports till you connect to the internet, then svchost opens 137-139 in despite!

Solution: in advanced network properties disable NetBIOS over TCP/IP (and untick enable LMHOSTs lookup for good measure).

Thanks guys.
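An added example (not from the thread or from any tool it mentions): a Python check over `netstat -ano` output that separates local listeners on ports 135, 137-139 and 445 from outbound connections to those ports on another host, which use an ephemeral local port and need no local listener. The sample output, addresses and PIDs are constructed for illustration.

```python
# Ports discussed in the thread: 135, 137-139 and 445.
WATCHED = {135, 137, 138, 139, 445}

# Constructed sample in the column layout of Windows `netstat -ano`;
# the addresses and PIDs are made up for illustration.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      203.0.113.7:445        ESTABLISHED     1508
  TCP    192.168.1.10:1046      198.51.100.20:80       ESTABLISHED     1620
  UDP    192.168.1.10:137       *:*                                    4
  UDP    192.168.1.10:138       *:*                                    4
  UDP    0.0.0.0:1900           *:*                                    1100
"""


def _port(endpoint):
    """Port of 'addr:port' (also '[::]:445'); None for the UDP '*:*'."""
    tail = endpoint.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None


def parse_netstat(text):
    """Yield (proto, local_port, remote_port, state, pid) per socket row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        # UDP rows have no State column; without -o there is no PID column.
        state = f[3] if f[0] == "TCP" and len(f) > 3 else ""
        pid = int(f[-1]) if len(f) > 3 and f[-1].isdigit() else None
        yield f[0], _port(f[1]), _port(f[2]), state, pid


def audit(text):
    """Return (local listeners on watched ports, outbound use of them)."""
    listeners, outbound = [], []
    for proto, lport, rport, state, pid in parse_netstat(text):
        bound = proto == "UDP" or state == "LISTENING"
        if bound and lport in WATCHED:
            listeners.append((proto, lport, pid))      # service still bound
        elif proto == "TCP" and not bound and rport in WATCHED:
            outbound.append((rport, pid))              # client-side connection
    return sorted(listeners, key=lambda r: r[:2]), outbound


if __name__ == "__main__":
    open_ports, calls_out = audit(SAMPLE)
    print("listening:", open_ports)
    print("outbound :", calls_out)
```

An empty listener list after the changes means no service is bound to those ports; the PID column shows which process still holds any that remain.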

Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 8/7/2013, 12:29

Philipitous wrote: This is a good thread, and is visible to non-members of this forum as it comes up on a search. However it lacks a vital step. I've just done a fresh install of XP Home and followed this. Works well - cports.exe shows no open ports till you connect to the internet, then svchost opens 137-139 in despite!

Solution: in advanced network properties disable NetBIOS over TCP/IP (and untick enable LMHOSTs lookup for good measure).

Thanks guys.

That's odd, all those ports don't appear open for me even with LMHOSTs enabled. Is your computer part of a network?


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by Philipitous on 8/7/2013, 13:50

ssj100 wrote: That's odd, all those ports don't appear open for me even with LMHOSTs enabled. Is your computer part of a network?

Not networked. Standalone with Speedtouch 330 USB modem.

I agree, LMHOSTs lookup enabled/disabled doesn't appear to make a difference.

But NetBIOS over TCP/IP is ticked enabled by default.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 8/7/2013, 14:28

Disabling NetBIOS over TCP/IP is actually stated in the first post of this thread (under "To disable Ports 137, 138, 139"):
http://ssj100.fullsubject.com/t181-how-to-disable-ports-135-137-139-445-windows-xp#1210
Note that I quoted this site as my reference:
http://www.pimp-my-rig.com/2008/12/disable-port-137-138-139.html

I'm pretty sure Seconfig XP and/or WWDC also do that, as instructed in one of the posts in this thread (under "Ports 137-139"):
http://ssj100.fullsubject.com/t181p15-how-to-disable-ports-135-137-139-445-windows-xp#1301

Anyway, glad this thread was useful for you!


why the emphasis on closing Ports 135, 137-139 and 445?

Post by sanbox man on 19/8/2016, 15:26

arran wrote: If you had running malware on your system it's not just ports 135, 137-139 that malware can open, malware can open any port on your system so you would have to disable every single port.

The reason why we should close these ports is not to prevent outgoing connections but to prevent incoming malware like worms; a classic example is the old Sasser worm coming in on port 445. And anyway if you are sitting behind a Router which denies all Unrequested packets from your pc then you are safe.

So then why the emphasis on closing Ports 135, 137-139 and 445?
What makes them special or worrisome?


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 19/8/2016, 16:01

Because they have been exploited frequently in the past.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by sanbox man on 19/8/2016, 18:29

ssj100 wrote: Because they have been exploited frequently in the past.

arran wrote: ... it's not just ports 135, 137-139 that malware can open, malware can open any port on your system so you would have to disable every single port.

Are these ports the bad guys' favorite ports for a particular type of malware?



Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by ssj100 on 19/8/2016, 19:48

Could be.


Re: How to disable Ports 135, 137-139, 445 (Windows XP)

Post by wat0114 on 24/12/2016, 21:18

sanbox man wrote: Are these ports the bad guys' favorite ports for a particular type of malware?

The Blaster worm of many years ago is a prime example of malware that exploited these ports on Win XP.

https://support.microsoft.com/en-ca/kb/826955
