Results 1 to 10 of 14

Thread: how do I make a rule to close port 135 on ZoneAlarm Pro?

  1. #1
    Member
    Join Date
    May 2005
    Posts
    39

    how do I make a rule to close port 135 on ZoneAlarm Pro?

    I went to grc.com and did a scan. I am stealth except for port 135?

    I am trying out ZoneAlarm Pro but I think I might BUY the McAfee version???

    because it has all the map trace features and better graphics and colors,
    but I need your advice first?
    please help me close this port from the china scanners/hacks..
    waiting now...
    Thanks for a quick reply as we are vulnerable as I type!

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Disable file and print sharing???

    Disable MS Network Client?

    What OS??

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    closing ports

    In most home-user environments, Port 135 does not need
    to be open. What about closing it? Then, even if you have
    misconfigured your firewall, there is no-one listening.

    There is an excellent tool[1] for (Win2kx, WinXP), which allows
    you to close Port 135 (RPC), 137-139 (SMB via Netbios),
    445 (SMB via TCP/IP, RPC) and 5000 (UPnP). If you are
    sharing some folders with friends, I simply would close
    Port 135 and be sure to configure your firewall properly,
    ie only allow SMB access for some specific IP numbers.

    firewalls

    I really loved tiny 2.0, but since XP SP1 it does not work
    anymore. Since then, I cannot really recommend anything.
    To some extent, I like Outpost. Check the reviews here[2].
    /edit: actually, it is quite embarrassing that ZoneAlarm Pro
    does not close this port by default. I cannot help you with
    the specific configuration, I apologize, but you should be able
    to define rules? The rule should configure the behaviour of
    Svchost/System - have a glance at my tutorial[3]. Is it a
    warez-version or did you buy it?

    open port 135 or others?

    Why is a port open? Maybe there is malicious software, e.g.
    backdoors/trojans? Check foxyloxley's tutorial as a starting
    point[4] and make sure to have an updated virus scanner
    installed. I recommend AVG[5] and try the housecall[6] as well,
    just to make sure. Note that virus scanners do not guarantee
    a 100% backdoor/trojan-free system.

    Cheers


    [1] http://www.firewallleaktester.com/wwdc.htm
    [2] http://www.antionline.com/showthread...hreadid=265820
    [3] http://www.antionline.com/showthread...hreadid=264811
    [4] http://www.antionline.com/showthread...hreadid=265440
    [5] http://free.grisoft.com/doc/1
    [6] http://housecall.trendmicro.com/
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  4. #4
    Member
    Join Date
    May 2005
    Posts
    39
    I run XP-Home, using ZoneAlarm, don't share nuthing with nobody, but I am still trying to learn how to work XP. I want to share "PROGRAMS" like my html-editor with all accounts? No one has been able to tell me how to do that?

    anyway back to port 135: I have selected and disabled Netbios and file sharing, first thing I did when I got my hands on this machine, and the port still seems to be open?

    ok open for any suggestions

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    Port 135 is related to the RPC mechanism and has nothing to do
    with Netbios/CIFS/SMB etc. You can close the port by disabling the
    DCOM+ etc. functionality using the tool[1] I have pointed to. The
    RPC service itself is an integral part of the OS and cannot be turned off.

    As said, in ZoneAlarm create a rule for SVCHOST.exe, which is related
    to port 135.

    Good luck.

    [1] http://www.firewallleaktester.com/wwdc.htm
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  6. #6
    Member
    Join Date
    May 2005
    Posts
    39

    will this affect other services/websites etc?

    This seems to be related to Mr. Gibson's link
    http://www.grc.com/dcom/

    The link you gave is much better...Kewl!


    as well, the link you gave me seems to offer a "close" on the port, which I am headed to now, but tell me this..please, will this interfere with ANYthing else on my system?...
    If so please explain....
    Thanks again!

  7. #7
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    There are only a few services which depend on RPC binding on Port 135,
    the most important one is the Scheduler service. In most cases,
    you won't need it, because most programs, which update or scan
    the system, run their own scheduler. On one laptop I use for
    travelling, I can do everything I want - without any listening port
    and, yes, I used the tool I linked to. Anyway, you always can enable
    it, if something seems broken.

    Steps:
    1. close the ports, e.g. using the above tool
    2. read the specific documentation of ZoneAlarm to learn how to
    define a rule, or modify a rule, in relation with svchost.exe


    Cheers.
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  8. #8
    Member
    Join Date
    May 2005
    Posts
    39
    Now the grc.com shields up test does not work for me? Must have been the new change closing port 135?
    body background="http://image.grc.com/background.gif" leftmargin=0 rightmargin=0 topmargin=0 bottommargin=0 frameborder=0 marginwidth=0 marginheight=0 text=black link="#CC0000" vlink="#006666" alink="#FF0000

    that's all I get? above?
    where can I do a good port probe? online?

    sorry to be such a pest
    grc aint working? maybe its the site... YEP!
    it was the site
    testing now will update with results with an edit here...

    all stealth wheeew! feel much better now and thank you for all your support, I guess ZoneAlarm Pro is way better than McAfee graphically cute firewall+6?? there a way to do a Trace to who it from ZA-Pro?



  9. #9
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Well please don’t get too comfortable with that there all stealth determination presented by GRC. That does not necessarily mean you are safe. Make sure you established a layered defense. Plenty of threads already in AO on how to do that and also on proper expectations from GRC’s results, so I’ll skip over that.

    When you get comfortable with a hex editor and tweaking your registry, here’s another way to address good ole 135.

    This is a step by step provided by a chap named Rodney from another forum:

    1) run regedit.exe

    2) go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs
    save ImagePath data.

    3) restart the computer. It may take a longer time to start, and it may give you some errors, and it may also change the Windows XP taskbar, but this will return to normal after returning the ImagePath data (click the file you have exported) or you can paste the data you saved.

    4) you need a hex editor to open this file
    c:\windows\system32\rpcss.dll in hex, binary
    find this number 1.3.5, in hex 31 00 33 00 35, in the file (this is the port number)

    5) change this to 0.0.0, in hex 30 00 30 00 30 (port 0 does not exist)

    6) run regedit.exe and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs and return the ImagePath data (you can just click the file you have exported) or you can paste the data you saved.

    7) restart the computer

    8) run netstat -a in cmd to check the port


    cheers

    (gotta go watch the new star wars)
    Connection refused, try again later.

  10. #10
    Member
    Join Date
    May 2005
    Posts
    39

    RE:editors and BIN * OCTAL systems DOS?

    I started assembly language with the old Z-80 processor, remember DOS, the Radio Shack "Trash 80", 'member that Helicopter game I think I still have somewhere on a 5x5 floppy, hah!
    well I guess this dates me a little but by no means do I know a whole lot, just enough to get my settings screwed up, I do remember learning the BINARY system and OCTAL(8) along with the DECI(base 10) obviously.... Hexadecimal was fun, I had to learn to pass my processors class, years ago, but I haven't messed with that stuff in years but sure would like to know a link to a free hex-editor converter if there is such a thing?

    Relyt that sounds like the way I used to do things back in the DOS days, nevertheless very effective, grin, I still love BASIC and DOS, it's been a while so for now just trying to hone my skills in on this XP system. I am debating what firewall to BUY, going to read the suggested layered securities posts, etc, etc...

    Thanks!
