How to disable port 135/139/445 in Windows

Source: Internet
Author: User

Comments: Disable port 135/139/445 in Windows. For security purposes, port 135 is mainly used to use RPC (Remote Procedure Call, Remote process Call) Protocol and provide DCOM (Distributed Component Object Model) service.

Port Description: port 135 is mainly used to use the RPC (Remote Procedure Call, Remote process Call) Protocol and provide the DCOM (Distributed Component Object Model) service, by using RPC, programs running on a computer can smoothly execute code on a remote computer. By using DCOM, you can directly communicate through the network, it can transmit data across multiple networks, including HTTP.

Port Vulnerability: it is believed that many Windows 2000 and Windows XP users suffered the "Shock Wave" virus last year. The virus uses the RPC vulnerability to attack computers. RPC itself has a vulnerability in the message exchange through TCP/IP. This vulnerability is caused by incorrectly processing incorrectly formatted messages. This vulnerability affects an interface between RPC and DCOM. The port that the interface listens on is 135.

Operation suggestion: to avoid the "Shock Wave" virus attack, we recommend that you disable this port.

Close port 135
1. Click Start> Run, enter dcomcnfg, and click OK to open the component service.



2. In the pop-up "component service" dialog box, select "computer.



3. On the right side of the "computer" option, right-click "my computer" and select "properties ".



4. In the displayed "My Computer properties" dialog box "default properties" tab, remove the check box before "enable Distributed COM on this computer.


5. Select the "default Protocol" tab, select "connection-oriented TCP/IP", and click "delete.



6. Click OK to complete the settings. After restarting, you can disable port 135.
 
Port 139 is provided for "NetBIOS Session Service" and is mainly used to provide Windows file and printer sharing and Samba Service in Unix.
Port Description: port 139 is provided for "NetBIOS Session Service" and is mainly used to provide Windows file and printer sharing and Samba Service in Unix. To share files in a LAN in Windows, you must use this service. For example, in Windows 98, you can open the "control panel" and double-click the "network" icon, on the "configuration" tab, click the "file and print share" button and select the corresponding settings to install and enable the Service. in Windows 2000/XP, you can open the "control panel ", double-click the "Network Connection" icon to open the local connection properties. In the "General" tab of the Properties window, select "Internet Protocol (TCP/IP)" and click "properties; in the displayed window, click the "advanced" button. In the "Advanced TCP/IP Settings" window, select the "WINS" tab, enable NetBIOS on TCP/IP in the "NetBIOS Settings" area.

Port Vulnerability: Although enabling port 139 can provide shared services, it is often exploited by attackers. For example, port scanning tools such as streamer and SuperScan can scan port 139 of the target computer, if a vulnerability is found, attackers can try to obtain the user name and password, which is very dangerous.

Operation suggestion: if you do not need to provide file and printer sharing, we recommend that you disable this port.
Close port 139
1. Right-click the "local connection" icon in the lower right corner of the desktop and select "status ".



2. In the pop-up "local connection status" dialog box, click "properties.



3. In the displayed "Local Connection Properties" dialog box, select "Internet Protocol (TCP/IP)" and double-click it.


4. In the displayed "Internet Protocol (TCP/IP) properties" dialog box, click "advanced.



5. In the "Advanced TCP/IP Settings" dialog box that appears, select the "WINS" tab.



6. On the WINS tab, under NetBIOS settings, select disable NetBIOS on TCP/IP.



7. Click "OK" and restart the instance to disable port 139.
 
445The port is a mixed port. With it, we can easily access various shared folders or printers in the LAN, but it is precisely because of it that hackers have the opportunity, they can secretly share your hard disk through this port, and even secretly format your hard disk! What we can do is to try to prevent hackers from taking advantage of 445.Port vulnerability.
 
Disable 445Port
 
1. Click Start> Run and enter regeditClick OK to open the registry.
 


 
2. Find the registry key "HKEY_LOCAL_MACHINE \ System \ Controlset \ Services \ NetBT \ Parameters ".".
 


3. Select "Parameters ".", Right-click, and choose" New ">" DWORD"Value ".
 


4. Change DWORDThe value is named "SMBDeviceEnabled ".".
 

 
5. Right-click "SMBDeviceEnabled"Value, and select "modify ".
 

 
6. In the displayed "Edit DWORD" dialog boxIn the "value" dialog box, enter "0" under "value data ".Click OK to complete the settings.
 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.