Windows 2003 Server Technical topics (11)

Source: Internet
Author: User
Tags filter anonymous key net firewall
1. Run regedit and locate the key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]. Change the DWORD value RestrictAnonymous to: 00000001.
RestrictAnonymous (REG_DWORD)
0x0 Default
0x1 Anonymous users cannot enumerate the list of local users
0x2 Anonymous users cannot connect to the local ipc$ share
Note: Using 2 is not recommended, as it may cause some of your services, such as SQL Server, to fail to start.
2. Disable default shares
1) View local shared resources
Run → cmd, then enter: net share
2) Delete the shares (one at a time)
net share ipc$ /delete
net share admin$ /delete
net share c$ /delete
net share d$ /delete (if there are e$, f$, and so on, continue deleting them the same way)
3) Remove the shares through the registry
Run → regedit
Locate the key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters] and change the value of AutoShareServer (DWORD) to: 00000000. If the value mentioned above does not exist, create it (right-click → New → DWORD Value) and then set it.
3. Stop the Server service
1) Temporarily stop the Server service
net stop server /y (the Server service starts again after a reboot)
2) Permanently turn off the service that ipc$ and the default shares depend on: lanmanserver, which is the Server service
4. Install a firewall (check the related settings), or use port filtering (filter out 139, 445, etc.)
1) Unbind File and Printer Sharing
Right-click [Network Neighborhood] on the desktop → [Properties] → [Local Area Connection] → [Properties], and clear the check box in front of "File and Printer Sharing for Microsoft Networks" to remove the file and printer sharing binding. This blocks all requests arriving on ports 139 and 445, and others will no longer see the shares on this machine.
2) Use TCP/IP filtering
Right-click [Network Neighborhood] on the desktop → [Properties] → [Local Area Connection] → [Properties] to open the Local Area Connection Properties dialog box. Select [Internet Protocol (TCP/IP)] → [Properties] → [Advanced] → [Options], and select the TCP/IP filtering option in the list. Click the Properties button, select Allow only, and then click the Add button (Figure 2) to enter the ports that you want to use, leaving out 139 and 445. The machine will then not respond when someone scans ports 139 and 445 with a scanner.
3) Use an IPSec security policy to block access to ports 139 and 445
Select [My Computer] → [Control Panel] → [Administrative Tools] → [Local Security Policy] → [IP Security Policies on Local Computer], and define an IPSec security policy rule that blocks any IP address from accessing the TCP 139 and TCP 445 ports of this machine. When someone runs a scanner against it, ports 139 and 445 on this machine will not give any response.
4) Use a firewall to protect against attack
You can also configure a firewall to prevent other machines from using the local shares. For example, in "Skynet Personal Firewall", select an empty rule, set the packet direction to "receive", the remote IP address to "Any address", the protocol to "TCP", the local port to "139 to 139", the remote port to "0 to 0", the flag bit to "SYN", and the action to "intercept". Then click the OK button and select this rule in the custom IP rules list to start intercepting attacks on port 139 (Figure 3).
5. Set a complex password on every account to prevent password brute-forcing through ipc$
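
To check the settings from items 1 and 2 on a host, the following added example (not part of the original article) parses collected `net share` and `reg query` output and reports what is still unhardened. The embedded sample outputs are constructed, and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample of `net share` output (not captured from a real host).
NET_SHARE = """Share name   Resource                        Remark
-------------------------------------------------------------------------------
C$           C:\\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\\WINDOWS                      Remote Admin
Docs         D:\\Docs
The command completed successfully.
"""
# Constructed sample of `reg query` output for the two keys the article names.
REG_QUERY = """HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa
    restrictanonymous    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\lanmanserver\\parameters
    autodisconnect    REG_DWORD    0xf
"""

def default_shares(net_share_output):
    """Return the default shares (drive$, ADMIN$, IPC$) listed by `net share`."""
    shares, in_table = [], False
    for line in net_share_output.splitlines():
        if line.startswith("---"):          # separator: table rows follow
            in_table = True
        elif in_table and line.strip() and not line.startswith("The command"):
            name = line.split()[0]
            if re.fullmatch(r"[A-Za-z]\$|ADMIN\$|IPC\$", name, re.I):
                shares.append(name.upper())
    return shares

def reg_dwords(reg_output):
    """Map lower-cased value name to int for every REG_DWORD line."""
    pat = r"^[ \t]+(\S+)[ \t]+REG_DWORD[ \t]+(0x[0-9a-fA-F]+)"
    return {m.group(1).lower(): int(m.group(2), 16)
            for m in re.finditer(pat, reg_output, re.M)}

def audit(net_share_output, reg_output):
    """Return findings for the settings covered in items 1 and 2 of the article."""
    values, findings = reg_dwords(reg_output), []
    restrict = values.get("restrictanonymous", 0)   # article: 0x0 is the default
    if restrict == 0:
        findings.append("RestrictAnonymous=0: anonymous user enumeration not restricted")
    elif restrict == 2:
        findings.append("RestrictAnonymous=2: article warns services may fail to start")
    if values.get("autoshareserver") != 0:          # a missing value counts as not set
        findings.append("AutoShareServer is not 0: default shares are not disabled")
    findings += [f"default share present: {s}" for s in default_shares(net_share_output)]
    return findings

if __name__ == "__main__":
    for finding in audit(NET_SHARE, REG_QUERY):
        print(finding)
```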
