135 Dangerous Port method shutdown in Windows

135-Port Normally we're not going to use it, so it's better to build justice everyone off.

It is believed that many Windows 2000 and Windows XP users had a "shockwave" virus last year that exploited RPC vulnerabilities to attack computers. RPC itself has a vulnerability in the processing of the message exchange over TCP/IP, which is caused by incorrectly handling malformed messages. This vulnerability affects an interface between RPC and DCOM, which listens on a port that is 135.

Let's look at the 135 port shutdown options

Run DCOMCNFG, expand Component Services → computers, click Properties on my Computer, switch to default properties, cancel enable Distributed COM, and then switch to default protocol to remove "connection-oriented TCP/IP" from.

The above options have the corresponding registry key values, so you can also modify them by using the registry:

Change the value of hkey_local_machine/software/microsoft/ole/enabledcom to "N"
Delete "ncacn_ip_tcp" in hkey_local_machine/software/microsoft/rpc/dcom protocols
In addition, you will need to deactivate the distributed Transaction Coordinator service.

After the reboot, 135 ports are gone.

Another way to do that is to turn off the graphics screen 135 off

The following describes how to turn off these network ports under winxp/2000/2003:

First, click on the "Start" menu/setup/Control Panel/Admin tool, double-click to open Local Security policy, select IP Security Policy, on local computer, right-click in a blank location in the right pane, pop-up shortcut menu, select Create IP Security Policy, and then pop up a wizard. In the wizard, click the "Next" button, name the new security policy, and then press "next" to display the "Secure Communications Request" screen, remove the hook to the left of the "Activate Default Rule" button on the screen, and click "Finish" to create a new IP Security policy.

The second step, right-click the IP Security Policy, and in the Properties dialog box, remove the hook to the left of the Use Add Wizard, and then click the Add button to add a new rule, and then pop the new Rule Properties dialog box, click the Add button on the screen, and pop up the IP Filter List window; In the list, first put the Use the Add Wizard to remove the hook on the left, and then click the Add button on the right to add a new filter.

Step three, enter the Filter Properties dialog box, where you first see the addressing, select "Any IP address" from the source address, choose "My IP Address" for the destination address, click the "Protocol" tab, choose "TCP" in the "Select protocol type" Drop-down list, and then enter "135" in the text box under "to this port". Click on the "OK" button to add a filter that shields the TCP 135 (RPC) port from being connected to your computer via port 135. When you click OK to go back to the Filter List dialog box, you can see that you have added a policy, repeat the steps to continue adding TCP 137, 139, 445, 593 ports, and UDP 135, 139, 445 ports, and set up the appropriate filters for them. Repeat the above steps to add TCP 1025, 2745, 3127, 6129, 3389 port shielding policy, set up the above port filter, and finally click the "OK" button.

Step fourth, in the New Rule Properties dialog box, select New IP filter list and click on the circle to the left to add a point indicating that it has been activated, and then click the Filter Action tab. In the Filter Actions tab, remove the hook to the left of the "Use Add Wizard" and click the "Add" button to add a "block" action: In the Security tab of the new Filter action properties, select Block, and then click OK.

Step fifth, go to the New Rule Properties dialog box and click "New Filter Action", the circle on the left adds a point indicating that it has been activated, clicks the Close button, closes the dialog box, returns to the new IP Security Policy Properties dialog box, hooks to the left of the new IP filter list, and presses OK button to close the dialog box. In the Local Security Policy window, right-click the newly added IP security policy and choose Assign.