How to disable dangerous port 135 in windows

Port 135 is mainly used to use the Remote Procedure Call Protocol and provide the DCOM (Distributed Component Object Model) service, by using RPC, programs running on a computer can smoothly execute code on a remote computer. By using DCOM, you can directly communicate through the network, it can transmit data across multiple networks, including HTTP.

Port 135 is generally not used, so it is better to disable it.

It is believed that many Windows 2000 and Windows XP users suffered from the "Shock Wave" virus last year, which used the RPC vulnerability to attack computers. RPC itself has a vulnerability in the message exchange through TCP/IP. This vulnerability is caused by incorrectly processing incorrectly formatted messages. This vulnerability affects an interface between RPC and DCOM. The port that the interface listens on is 135.

Next let's take a look at the methods to disable port 135.

Run dcomcnfg, expand "component service"> "computer", right-click "my computer", select "properties", switch to "default properties", and disable "enable Distributed COM "; switch to "default Protocol" and delete "connection-oriented TCP/IP ".

The above options have the corresponding registry key value, so you can also modify it through the registry:

Change the value of HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Ole/EnableDCOM to "N"
Delete "ncacn_ip_tcp" from HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Rpc/DCOM Protocols"
In addition, you must disable the "Distributed Transaction Coordinator" service.

After the restart, port 135 is unavailable.

Another way is to disable 135 on the GUI.

The following describes how to disable these Network Ports in WinXP/2000/2003:

Step 1: click "start" menu/settings/control panel/management tools, double-click to open "Local Security Policy", select "IP Security Policy, on the local computer ", right-click the blank position in the right pane, and select "create IP Security Policy" in the shortcut menu. A wizard is displayed. Click "Next" in the Wizard to name the new security policy. Then, press "Next" to display the "Secure Communication Request" screen, remove the hooks on the left of "Activate default rules" on the screen. Click "finish" to create a new IP Security Policy.

Step 2: Right-click the IP Security Policy. In the "properties" dialog box, remove the hook on the left of "use add wizard" and click "add" to add a new rule, then, the "new rule attributes" dialog box appears. Click the "add" button on the screen to bring up the IP Filter list window. In the list, remove the check on the left of "use add wizard, then, click "add" on the right side to add a new filter.

Step 3: Go to the "Filter Properties" dialog box. First, you will see addressing. Select "any IP Address" as the source address, select "my IP Address" as the target address, and click the "protocol" tab, in the "select protocol type" drop-down list, select "TCP", enter "135" in the "to this port" text box, and click "OK, in this way, a filter is added to shield the TCP 135 (RPC) port, which can prevent the outside world from connecting to your computer through port 135. Click "OK" and return to the filter List dialog box. A policy has been added, repeat the preceding steps to add TCP 137, 139, 445, 593, UDP 135, 139, and 445 ports and create corresponding filters for them. Repeat the preceding steps to add a blocking policy for TCP ports 1025, 2745, 3127, 6129, and 3389, create a filter for the preceding port, and click OK.

Step 4: In the "new rule attributes" dialog box, select "new IP Filter list" and click a dot in the circle on the left to indicate that the IP address has been activated, click the filter action tab. On the "Filter Operations" tab, remove the hooks on the left of "use add wizard" and click "add" to add a "Block" Operation: on the "Security Measures" tab of "New Filter operation properties", select "Block" and click "OK.

Step 5. Enter the "new rule attributes" dialog box and click "New Filter operation". A dot is added to the circle on the left to indicate that the operation has been activated. Click "close" to close the dialog box; return to the "new IP Security Policy attributes" dialog box, tick the left side of the "new IP Filter list", and click "OK" to close the dialog box. In the "Local Security Policy" window, right-click the newly added IP Security Policy and select "Assign ".