How to disable a port using an IP Security Policy of Windows 2000

Hackers mostly intrude through ports, so your server can only open the ports you need. What ports do you need? The following are common ports that you can choose as needed:

80 is a Web site service, 21 is an FTP service, 25 is an e-mail SMTP service, and 110 is an e-mail POP3 service.

For more information, see SQL server port 1433. Disable unnecessary ports! To close these ports, we can use the security policy of Windows 2000.
With its security policy, it can completely prevent intruders from attacking. You can go to "Administrative Tools> Local Security Policy", right-click "IP Security Policy", select "create IP Security Policy", and click [next]. Enter the name of the Security Policy, click [next], and then you will create a security policy:

Next, you need to right-click "IP Security Policy" to go to manage IP filters and filters. In the manage IP filters list, you can add ports to be blocked, here, we use the case of Disabling ICMP and 139 ports.

If ICMP is disabled, hackers cannot scan your machine or ping your machine without the force scan function. To Disable ICMP, click [add], enter "Disable ICMP" in the name, click [add] on the right, and then click [next]. Select "any IP Address" from the source address and click [next]. Select "my IP Address" from the target address and click [next]. Select "ICMP" in the protocol and click [next]. Return to the "Close ICMP attribute" window to close ICMP.

Next we will set to disable 139. Also, click "add" in the management IP Filter list and set the name to "Disable 139". Click "add" on the right and click [next]. Select "any IP Address" from the source address and click [next]. Select "my IP Address" from the target address and click [next]. Select "TCP" in the protocol and click [next]. In the set IP protocol port, select any port to this port, enter 139 in this port, and click [next]. That is, close port 139. Other ports are also set.

Next, go to the settings management filter operation, click "add", click [next], enter "reject" in the name, and click [next]. Select "Block" and click [next].

Close this property page, right-click the newly created IP Security Policy "security", and open the property page. Select "add" in the rule and click [next]. Select "this rule does not specify a tunnel" and click [next]. Select "all network connections" in the select network type and click [next]. Select "Disable ICMP" in the IP Filter list and click [next]. In the filter operation, select "deny" and click [next]. In this way, you can add the "Disable ICMP" filter to the IP Security Policy named "security. In the same way, you can add other filters such as "Disable 139.

The last thing to do is assign this policy. It takes effect only after it is assigned. Right-click "security", select "all tasks" from the menu, and select "Assign ". The IP Security Settings end here. You can set the corresponding policies based on your own situation.

You can also disable the ports 5500,7000, 7100,5100, 5000,7200, 16300,16301, 16302,6000, 5600,4900, and 10000 to prevent gamers from copying equipment, with shell, you can enable automatic restart and operation after fully automatic port disconnection.