Our firewall is not often someone to attack your XXX port? If you turn off the corresponding useless port, it's okay?
In general, we use a number of powerful anti-black software and firewalls to ensure our system security, this article is an easy way to help prevent illegal intrusion by restricting ports-----how to shut down some ports in the system, and how to turn off the default shared C $, d$, admin$, ipc$ and so on.
The way of illegal intrusion
In short, the way of illegal intrusion can be roughly divided into 4 kinds:
1, scan the port, through the known system bugs into the host.
2, planting Trojans, using Trojans to open the back door into the mainframe.
3, the use of data overflow means, forcing the host to provide backdoor access to the mainframe.
4, the use of some software design loopholes, direct or indirect control of the host.
The main ways of trespassing are the first two, especially the use of some popular hacking tools, the first way to attack the host is the most and most common, and the latter two ways, only a number of sophisticated hackers to use, the spread is not widespread, and as long as the two problems appear, software services providers will soon provide patches and repair the system in time.
Therefore, if the first two types of illegal intrusion can be limited, it can effectively prevent the use of hacker tools of illegal intrusion. And the first two kinds of illegal intrusion methods have one thing in common, is through the port into the host.
A port is like a few doors in a house (server), and different doors lead to different rooms (servers provide different services). Our common FTP default port is 21, while the General WWW Web page default port is 80. But some sloppy network administrators often open some easily intrusive port services, such as 139, and a number of Trojan programs, such as glaciers, BO, wide and so on are automatically open up a you do not detect the port. So, as long as we have not used the port all blocked up, not to eliminate these two illegal invasion?
Here are the examples of ports that are closed, 135,137,138,139,445,1025,2475,3127,6129,3389,593, and TCP, and I'm not going to point it out.
The specific actions are as follows:
Windows has many ports that are open by default, and Internet viruses and hackers can connect to your computer via these ports when you surf the Internet. In order to make your system a fortress, you should close these ports, mainly: TCP 135, 139, 445, 593, 1025 ports and UDP 135, 137, 138, 445 ports, some popular virus backdoor ports (such as TCP 2745, 3127, 6129 ports), and remote service access port 3389. The following describes how to close these network ports under WINXP/2000/2003.
First, click on the "Start" menu/setup/Control Panel/Admin tool, double-click to open Local Security policy, select IP Security Policy, on local computer, right-click in a blank location in the right pane, pop-up shortcut menu, select Create IP Security Policy, and then pop up a wizard. In the wizard, click the "Next" button, name the new security policy, and then press "next" to display the "Secure Communications Request" screen, remove the hook to the left of the "Activate Default Rule" button on the screen, and click "Finish" to create a new IP Security policy.
When you click OK to go back to the Filter List dialog box, you can see that you have added a policy, repeat the steps to continue adding TCP 137, 139, 445, 593 ports, and UDP 135, 139, 445 ports, and set up the appropriate filters for them.
Repeat the above steps to add TCP 1025, 2745, 3127, 6129, 3389 port shielding policy, set up the above port filter, and finally click the "OK" button.
Step fourth, in the New Rule Properties dialog box, select New IP filter list and click on the circle to the left to add a point indicating that it has been activated, and then click the Filter Action tab. In the Filter Actions tab, remove the hook to the left of the "Use Add Wizard" and click the "Add" button to add a "block" action: In the Security tab of the new Filter action properties, select Block, and then click OK.
Step fifth, go to the New Rule Properties dialog box and click "New Filter Action", the circle on the left adds a point indicating that it has been activated, clicks the Close button, closes the dialog box, returns to the new IP Security Policy Properties dialog box, hooks to the left of the new IP filter list, and presses OK button to close the dialog box. In the Local Security Policy window, right-click the newly added IP security policy and choose Assign.
At this point you will be able to computer, reboot, the computer above the network port is closed, at this time the virus and hackers should be unable to connect these ports, thereby protecting your computer
Here's how to turn off the default shared C $, d$, admin$, and ipc$ under Windows.
You should know that there will be a default share under Windows 2000 and Windows XP, viruses and hackers can also access your computer in this way to destroy your files and even remotely control your computer, and you should remove these default shares (in fact, these default shares are for you personally, There are only a few harm and no benefit, at this time my personal opinion oh, have the opinion that you mention yo.
The second step, right-click the IP Security Policy, and in the Properties dialog box, remove the hook to the left of the Use Add Wizard, and then click the Add button to add a new rule, and then pop the new Rule Properties dialog box, click the Add button on the screen, and pop up the IP Filter List window; In the list, first put the Use the Add Wizard to remove the hook on the left, and then click the Add button on the right to add a new filter.
Step three, enter the Filter Properties dialog box, where you first see the addressing, select "Any IP address" from the source address, choose "My IP Address" for the destination address, click the "Protocol" tab, choose "TCP" in the "Select protocol type" Drop-down list, and then enter "135" in the text box under "to this port". Click on the "OK" button to add a filter that shields the TCP 135 (RPC) port from being connected to your computer via port 135.
Let's start with the Windows XP operating system, XP is no more than 2000 so easy to deal with it, before I found a way, in the QQ Encounter "Love", asked, did not think he did not think of the method, after about 15 minutes, when I have found on the Internet with net share *$/ Del this method, "seal the Feeling" also told me to use this command, really great minds alike.
If you are a computer that is rarely used occasionally, you can choose "Run" from the "Start" menu and enter "net share *$/del" (* representing the name of the share you want to delete). But after the next boot will have this default sharing, how to completely complete in the boot after the default sharing, Follow me, let's go.
Now it's time to say how Windows will automatically turn off all default shares after powering up, Windows 2000 and Windows XP are similar here, choose Run from the Start menu, fill in "regedit", and open the registry [Hkey_local_ Machinesoftwaremicrosoftwindowscurrentversionrun] Branch, under which new "string value", named can be arbitrary, such as "delsharec$", the right mouse click, in the pop-up shortcut menu, left-click "Modify", Enter the "net share C $/del" (excluding quotes) in the Value data column of the Edit String window that appears, pressing the OK button. Similarly add "string value" such as "delshared$", "Value data" is "net share d$/del", and so on, there are a few partitions to add to, including "net share admin$/del" and so on, note: Here is the case. After you save the registry restart your computer, you will be able to automatically turn off these special shared resources.
However, you have not found that the "net share ipc$/del" This command for "ipc$" does not have any effect, it is still the default sharing how to do??? (Actually this step is enough, no need to close the ipc$)
Here, I would also like to thank my training teacher "Mozart", he taught me how to permanently turn off the ipc$ and default shared-dependent services: LanManServer, the Server service, also need to go to the "management tools" in Control Panel, find "service" in the Server service (right-click) into "Properties", click "General", select "Disabled" in "Startup Type", and turn off the default sharing of ipc$. But this will have a certain negative effect, once you shut down the default sharing of ipc$, a lot of server services you can not use, but also may occur you can not access other computers in the LAN, please use CAUTION!!
It's written here, and the hands are sour, also quick to work, I hope this article can be helpful to everyone, but also welcome to other forums, but please respect the reprint, please respect my labor, please mark the original in the reprint of the Chinese shield is less, thank you!!
Today, we saw a netizen on the Chinese Shield Snowxwolf posted another article about shutting down Windows default share, because I didn't practice it, so I turned around here to add a little bit of content is Snowxwolf provide:
Cancel Windows 2000/xp default sharing
After Windows 2000 is installed, some hidden shares are created and we see these shares through the "net share" command: admin$,ipc$,c$,d$,e$ ... These default shares can be stopped by the "sharing" command on the right-click menu, but are automatically restored after the system restarts. For system security, we should completely remove these default shares immediately after Windows 2000 is installed.
If you want to prohibit sharing of C $, d$, and e$, you can click the start → Run command, type "Regedit" in the Run window, and then enter to open Registry Editor. Expand the [hkey_local_machinesystemcurrent-controlsetserviceslanmanserverparameters] branch in turn and dowrd the value in the right window AutoShareServer "Set to 0".
If you want to prevent admin$ sharing, you can set the DOWRD value "AutoShareWks" in the right window to "0" under the same branch.
If you want to prevent ipc$ sharing, you can expand the [Hkey_local_machinesystemcurrentcontrolsetcontrollsa] branch in Registry Editor, and then the DOWRD value in the right window RestrictAnonymous "Set the value to 1".
Interested users can try (the proposal to back up a good registry), however, all the consequences of what happened with me is not responsible for reference only!!