Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 23

Thread: port 135

  1. #11
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: port 135

    If you notice the .img in the post further down, the epmap, netbios-ns, netbios-dgm, netbios-ssn and microsoft-ds ports are all seen as stealthed in the grc.com port scan results. This is not because the PC hs stealthed the ports, but because my internet provider blocks these ports off in their own servers. This is done in part due for added security, but it is chiefly a form of traffic restriction (restricts the providers clients from using these between themselves).

    If the advice in the posts below is properly followed, the epmap (port 135) will be permanently closed without using a software tool or utility. The other ports, netbios-ns, netbios-dgm, netbios-ssn, microsoft-ds, complex-main (UPnP) and can be easily closed using proper steps without using any software tool. If a tool is desired to be used , then try this one.

    Best regards, Oldsod
    Best regards.
    oldsod

  2. #12
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: port 135

    WATCHER

    I had no intention of "trumping" your responces.

    The poster will follow your registry hack advice and now wonder about these worms and open ports and about the ICMP issues. The poster will still have the port shown as open in the next following grc.com ShieldsUp! port scan.
    The poster's open port 135 issue will not be resolved and add to that the poster will have even further newer worries.

    Best regards, Oldsod
    Best regards.
    oldsod

  3. #13
    watcher Guest

    Default Re: port 135

    Dear Oldsod:

    That statement was a compliment for your efforts. Your responses were far more comprehensive than mine would have been and I thank you for taking the time to do them.

    As for my Registry tweaks, this was the only way to permanently close port 135. I had long ago performed the front-end configuration advice you gave:

    <hr>

    The usual methods of closing the port 135 in the Windows OS is to disable the NetBIOS over TCP/IP in the Properties of the Network connections and disable the File and Printer Sharing. Usually followed up by disabling the TCP/IP NetBIOS Helper service.

    <hr>

    Port 135 still showed up when using the netstat -abno command. Once I did the Registry edits, port 135 no longer showed up.

    As for the other info I gave, that was merely background on hackers. It was not meant to confuse or create FUD, the latter of which I know you don't like. My intention was to inform. If alexor had any further questions, I would certainly follow them up.

    Take Care,

    WATCHER

  4. #14
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: port 135

    Thank you WATCHER for your kind words.

    I posted extensively and normally do not such. Usually a waste of time/effort in most of the circumstances.
    There is a lot more depth, scope and range that could have been added, but I limited the posts to just some of the barebones basics. I wished to remove any misconceptions or misunderstanding the initial poster may have received or had been conveyed.

    The one registry fix advocated does not remove the windows from using the port 135 to the LAN or internet, just internally on the localhost. Please see Daniel Petri (MVPS) article here and TechNet article and minimization of windows resources.
    Also of interest, found here.

    Best regards, Oldsod
    Best regards.
    oldsod

  5. #15
    watcher Guest

    Default Re: port 135

    Dear Oldsod:

    Thanks for the links, I looked at them briefly and saved them for further in-depth analysis later.

    To clarify, I listed 2 Registry fixes and, from my experience, it took port 135 out of my netstat output.

    Take Care,

    WATCHER

  6. #16
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: port 135

    OK it's out of netstat, but is it out of the user's firewall port scan?
    Oldsod
    Best regards.
    oldsod

  7. #17
    watcher Guest

    Default Re: port 135

    Dear Oldsod:

    The only way to answer your question would be to turn off my ZAPRO firewall to test. GRC's Shields UP shows all green(for stealth) with ZAPRO active(mine). I don't wish to expose my PC to test it. I would say that a GRC test would show it as blue(closed) because if it was in any other state, netstat would show it.

    WATCHER

  8. #18
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: port 135

    This is how all of my machines look like with no firewall (hard or soft):
    <center></center>

    First I tweak, and then I test it.

    It is easy to try and test. You could just scan the ports your self using administrative tools. It is always better to have proof, for yourself, first before giving the advise as being true to others. Cheers, Oldsod

    Message Edited by Oldsod on 01-24-2008 01:58 AM
    Best regards.
    oldsod

  9. #19
    watcher Guest

    Default Re: port 135

    Dear Oldsod:

    Your image only shows me that ports 135, 137-139, and 445 are listed as stealth, with all others closed. It's a secure PC. Doesn't prove your point which I assume was that these would show up as red(open) if the ISP or Internet backbone router was not blocking the scans of these specific ports from GRC's server.

    To be fair, I shut down the firewall for a few seconds, just for you, had GRC's server scan for open ports, and my results were that I had even more stealthed ports than you. My results were as follows: ports 74, 77, 135, 137, 139, 394-401, 403-404, 409, 411, 445, 593, and 1027-1029 stealthed, port 1026 open, with the remainder closed. According to my ISP, they don't do any blocking(so they say) and I have no intervening router on my dial-up connection. So, EITHER, a backbone Internet router or other connectivity device is blocking scans of these ports somewhere or, MAYBE, all the Registry tweaks I've done on my PC make it more secure than yours. My point is, my Registry tweaks listed for alexor work as I've done them myself.

    I've used port scanners against firewalled PCs before. You don't receive back any info, period, about whether the ports are open or closed. Makes it pretty hard to attack.

    I now have a GRC image result of my PC with no protection enabled. Not that I can make any interpretation of it other than that it is secure.

    WATCHER

  10. #20
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: port 135

    HI WATCHER

    Tweaking will not stealth ports. Just close them. A firewall will only do the stealthing and nothing else. Obviously these ports are blocked/stealthed/open somewhere before the PC. It looks like your port scan result is lopsided if there is a hardware firewall in front somewhere- this is not your PC getting tested and instead the server inbetween got tested. Still this is not a true port scan of your PC.

    Tried a port scan using another PC on the LAN which skips the ICMP and tries the usual three way handshake? The port status will be apparent as to whether these are closed or open depending on the responses from the ports. The usual online port scan does the test using TCP and HTTPS, not ICMP. ICMP does not indicate port status.

    Oldsod

    Message Edited by Oldsod on 01-25-2008 11:33 AM
    Best regards.
    oldsod

Page 2 of 3 FirstFirst 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •