Results 1 to 10 of 23

Thread: port 135

Hybrid View

  1. #1
    alexor Guest

    Default port 135

    hii have ZA 7.0.462.000i noticed 2 week ago when
    test my firewall security in grc.com and it say port 135 is open and yesterday i close it.i have many importan info on pc.can anyone hack my pc from this port? (1 or 2 month ago)sorry for bad english.thanks.

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    watcher Guest

    Default Re: port 135

    Dear alexor:

    To close port 135 permanently, you must edit the Registry, specifically:

    HKLM\SYSTEM\CurrentControlSet\Services\RpcSs

    Add the following value name:

    ListenOnInternet=N

    Also, go to the following Registry subkey:

    HKLM\SOFTWARE\Microsoft\OLE

    Change the following value name to this data value:

    EnableDCOM=N

    Please post your results.

    WATCHER

  3. #3
    alexor Guest

    Default Re: port 135

    thanks for your reply.but my question is this:can anyone hack my pc 1 or 2 month ago when my 135 port is open?

  4. #4
    watcher Guest

    Default Re: port 135

    Dear alexor:

    Having an unused port open is a vulnerability. Hackers can use exploits for that port to attack your PC. Port 135 was used by the Blaster worm in 2003. It shut down the vital service, Remote Procedure Call, which caused the PC to reboot. The worm's executable was placed in the HKLM\...\Run subkey so that when the computer rebooted, the RPC service shut down again, causing another reboot, in an unending cycle. In addition, an infected computer connected to the Internet would scan for other vulnerable PCs on the Internet, infecting them. The Blaster worm merely caused a denial of service(DoS)condition, with no actual damage done to the operating system, program files, or data resident on the PC.

    You should be conducting scans weekly with an antivirus and antispyware programs to remove malware infections. The best method, though, is prevention, and a firewall such as ZA's does a good job of closing ports not in actual use.

    There are many types of hackers based upon their motivations and skillset. Many perform reconnaissance of their target prior to attacking. One of the ways they do this is to use the ICMP protocol for pinging IP address ranges looking for active hosts. Port scanning comes next to determine open ports and learn what software/services are running on the target host. What comes next depends upon what the hacker wants to do, which usually falls under data theft/deletion, DoS, extortion, and/or causing as much damage as possible.

    Hope this helps.

    WATCHER

  5. #5
    alexor Guest

    Default Re: port 135

    Thanks a lot.
    i have adsl and have many attacks on port 135 and now ZA block them.but 1 month ago when my port 135 is open i see connection on epmap (port 135) for 1 second with "time_wait" state.any risk?

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: port 135

    First and foremost, the ZA always has all ports always closed and stealthed in it's default settings.
    If the port is found to be open to the internet, by a port scan test, I would suspect either an application in the ZA program list has been given server rights for the internet or the adsl modem or the router(?) has some form of a NAT firewall. The NAT in the modem will have to be adjusted to have the port 135 closed or if a router is being used, then open the router and close the port. .

    The blaster worm vulnerability in the Windows for the port 135 has been corrected in the Windows updates several years ago. Not such a sever issue from a few years ago, when the worm first appeared. If you have all your required updates or SP2, then you are safe from this specific worm.

    The usual methods of closing the port 135 in the Windows OS is to disable the NetBIOS over TCP/IP in the Properties of the Network connections and disable the File and Printer Sharing. Usually followed up by disabling the TCP/IP NetBIOS Helper service.

    But I really suspect the port is opened in the hardware before the PC and not in the PC itself. To verify this issue, start the grc.com port scan ShieldsUp! test and observe the IP shown as being tested at the grc.com site. Then do the ipconfig /all to determine the correct IP of the PC. Now observe both the grc.com IP that is shown and the IP in the ipconfig /allI. If the two IPs match, then it is the PC firewall that will be tested. If the two IPs do not match, then it is the hardware firewall getting tested and not the PC.

    Since the ZA is dropping any connections attempts to the PC throught the port 135, I would also assume the port is not open in the ZA and it is open in the hardware firewall of either the modem or the router.
    Further more, since the ZA is dropping all of the inbound connections attempts, then the ZA is performing it's job and keeping the PC safe and secure.

    Best regards, Oldsod
    Best regards.
    oldsod

  7. #7
    watcher Guest

    Default Re: port 135

    Dear alexor:

    Oldsod has trumped any response I would have given to you re your question. His responses should answer any questions you may have had. In addition, if you want some more info re port 135, Gibson Research Corporation has both a good article and free utility for testing port 135 status on your PC. Here is the link:

    http://www.grc.com/freeware/dcom.htm

    Hope this helps.

    WATCHER

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •