With all of the "new" RPC exploits surfacing, I thought I would share a few simple tips on how to protect yourself.

I will be pointing out how to prevent RPC port 135 from listening by applying a few simple registry tweaks. I will also explain how to stop SMB port 445 from listening by disabling NetBT.

All of these tweaks are geared towards the average home user running WinXP Home. If you are unsure whether you need these services/ports to be running, then please just download the patch below. Also make sure that you make a backup of your registry before attempting these tweaks!

If you feel more comfortable, you may visit: http://www.microsoft.com/technet/tre...n/MS03-026.asp to download the patch to correct this RPC Buffer Overflow Exploit. Also make sure that all other security patches have been downloaded. You can check which MS patches have been installed by navigating to the Control Panel>Add/Remove Programs and looking for any HotFixes, along with their HotFix Reference IDs, that were installed. You may then do a search on Microsoft's site or on Google to see which patches these HotFix codes correspond to.

Above all, the first step (if you haven't already) is to install a reliable firewall. Also, make sure that this firewall is properly configured. You can find numerous tutorials explaining how to do this here on AO; just conduct a search.

A properly configured firewall will protect you from a majority of attacks, but if all else fails (and I'm hoping it doesn't) these tweaks will ensure that some of the more vulnerable ports are closed.

With all of this in mind, let's continue...

First open up regedit by going to Start>Run>and typing in regedit and clicking OK.

Next, backup your registry by going to File>Export>then type in an appropriate name and make sure the export range option is set to All. Then click on Save.

This first tweak will disable DCOM. Port 135 listens for remote activation requests of COM objects. A lot of programs have support for Distributed Communication (DCOM), but scarcely ever use it.

Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole

Look on the right-hand panel for a value named EnableDCOM. By default it should be set at Y, change this to N. This will disable DCOM.

WinXP Pro users may configure DCOM by simply going to Start>Run>and typing in C:\WinNT\System32\Dcomcnfg.exe and clicking OK.

This next tweak will prevent DCOM from using IP based RPC protocol sequences.

Next, navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc

Look on the right-hand panel for a value named DCOM Protocols. Do not modify the entire value, but instead only remove ncacn_ip_tcp from the DCOM Protocols value, and leave everything else untouched.

The next tweak will close port 445 by disabling NetBT.

Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters

Look on the right-hand panel for a value named TransportBindName. By default it should be set at \Device\. Delete the \Device\ data, so that TransportBindName remains empty.

Restart your computer after you have applied these tweaks. If something doesn't function properly, simply open up regedit and go to File>Import and import the backed-up registry file that you made earlier, and your registry will be returned to its earlier state.
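
To confirm after the restart that the three tweaks took effect, a read-only check like the one below can be used. It is an added example, not part of the original post. It assumes PowerShell is installed (it does not ship with WinXP) and that netstat prints English output; the function name Test-RpcSmbTweaks is made up for illustration.

```powershell
# Read-only audit: reports whether the three registry values from this post
# are set as described and whether TCP 135/445 are still listening.
# It changes nothing on the system.
function Test-RpcSmbTweaks {
    $ole   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue
    $rpc   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Rpc' -ErrorAction SilentlyContinue
    $netbt = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters' -ErrorAction SilentlyContinue

    # DCOM Protocols is a multi-string value; @() copes with one entry or none.
    $protocols = @($rpc.'DCOM Protocols')

    [pscustomobject]@{
        Check   = 'EnableDCOM is N'
        Current = $ole.EnableDCOM
        Applied = ($ole.EnableDCOM -eq 'N')
    }
    [pscustomobject]@{
        Check   = 'ncacn_ip_tcp removed from DCOM Protocols'
        Current = ($protocols -join ', ')
        Applied = ($protocols -notcontains 'ncacn_ip_tcp')
    }
    [pscustomobject]@{
        # A missing value is reported the same way as an empty one.
        Check   = 'TransportBindName is empty'
        Current = $netbt.TransportBindName
        Applied = [string]::IsNullOrEmpty($netbt.TransportBindName)
    }

    # The registry only shows intent; netstat shows what is actually listening.
    # Assumption: English netstat output (the state column reads LISTENING).
    foreach ($port in 135, 445) {
        $hits = @(netstat -an |
            Select-String -Pattern "^\s*TCP\s+\S+:${port}\s+\S+\s+LISTENING")
        [pscustomobject]@{
            Check   = "TCP $port not listening"
            Current = "$($hits.Count) listener(s)"
            Applied = ($hits.Count -eq 0)
        }
    }
}

Test-RpcSmbTweaks | Format-Table -AutoSize
```

Any row with Applied showing False means that tweak is not in effect or that something is still bound to the port.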