-
May 19th, 2005, 06:57 PM
#1
Member
How do I make a rule to close port 135 on ZoneAlarm Pro?
I went to grc.com and did a scan. I am stealth except for port 135?
I am trying out ZoneAlarm Pro but I think I might BUY the McAfee version???
because it has all the map trace features and better graphics and colors,
but I need your advice first?
Please help me close this port from the China scanners/hacks...
waiting now...
Thanks for a quick reply as we are vulnerable as I type!
-
May 19th, 2005, 07:16 PM
#2
Disable file and print sharing???
Disable MS Network Client?
What OS??
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
May 19th, 2005, 07:19 PM
#3
Hi
closing ports
In most home-user environments, Port 135 is not needed
to be open. What about closing it? Then, even if you have
misconfigured your firewall, there is no one listening.
There is an excellent tool[1] for (Win2kx, WinXP), which allows
you to close Port 135 (RPC), 137-139 (SMB via Netbios),
445 (SMB via TCP/IP, RPC) and 5000 (UPnP). If you are
sharing some folders with friends, I simply would close
Port 135 and be sure to configure your firewall properly,
ie only allow SMB access for some specific IP numbers.
firewalls
I really loved tiny 2.0, but since XP SP1 it does not work
anymore. Since then, I cannot really recommend anything.
To some extent, I like Outpost. Check the reviews here[2].
/edit: actually, it is quite embarrassing that ZoneAlarm Pro
does not close this port by default. I cannot help you with
the specific configuration, I apologize, but you should be able
to define rules? The rule should configure the behaviour of
Svchost/System - have a glance at my tutorial[3].
Is it a warez-version or did you buy it?
open port 135 or others?
Why is a port open? Maybe there is malicious software, e.g.
backdoors/trojans? Check foxyloxley's tutorial as a starting
point[4] and make sure to have an updated virus scanner
installed. I recommend AVG[5] and try the housecall[6] as well,
just to make sure. Note that virus scanners do not guarantee
a 100% backdoor/trojan-free system.
Cheers
[1] http://www.firewallleaktester.com/wwdc.htm
[2] http://www.antionline.com/showthread...hreadid=265820
[3] http://www.antionline.com/showthread...hreadid=264811
[4] http://www.antionline.com/showthread...hreadid=265440
[5] http://free.grisoft.com/doc/1
[6] http://housecall.trendmicro.com/
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
-
May 19th, 2005, 07:33 PM
#4
Member
I run XP-Home, using ZoneAlarm, don't share nothing with nobody, but I am still trying to learn how to work XP. I want to share "PROGRAMS" like my html-editor with all accounts? No one has been able to tell me how to do that?
Anyway, back to port 135: I have selected and disabled NetBIOS and file sharing, first thing I did when I got my hands on this machine. The port still seems to be open?
OK, open for any suggestions
-
May 19th, 2005, 07:39 PM
#5
Hi
Port 135 is related to the RPC mechanism and has nothing to do
with Netbios/CIFS/SMB etc. You can close the port by disabling the
DCOM+ etc. functionality using the tool[1] I have pointed to. The
RPC service itself is an integral part of the OS and cannot be turned off.
As said, in ZoneAlarm create a rule for SVCHOST.exe, which is related
to port 135.
Good luck.
[1] http://www.firewallleaktester.com/wwdc.htm
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
-
May 19th, 2005, 07:47 PM
#6
Member
will this affect other services/websites etc?
This seems to be related to Mr. Gibson's link
http://www.grc.com/dcom/
The link you gave is much better...Kewl!
As well, the link you gave me seems to offer a "close" on the port, which I am headed to now, but tell me this, please: will this interfere with ANYthing else on my system?...
If so please explain....
Thanks again!
-
May 19th, 2005, 07:57 PM
#7
Hi
There are only a few services which depend on RPC binding on Port 135,
the most important one is the Scheduler service. In most cases,
you won't need it, because most programs, which update or scan
the system, run their own scheduler. On one laptop I use for
travelling, I can do everything I want - without any listening port
and, yes, I used the tool I linked to. Anyway, you always can enable
it, if something seems broken.
Steps:
1. close the ports, e.g. using the above tool
2. read the specific documentation of ZoneAlarm to learn how to
define a rule, or modify a rule, in relation with svchost.exe
Cheers.
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
-
May 19th, 2005, 08:21 PM
#8
Member
Now the grc.com shields up test does not work for me? Must have been the new change closing port 135?
body background="http://image.grc.com/background.gif" leftmargin=0 rightmargin=0 topmargin=0 bottommargin=0 frameborder=0 marginwidth=0 marginheight=0 text=black link="#CC0000" vlink="#006666" alink="#FF0000
that's all I get? above?
where can I do a good port probe? online?
sorry to be such a pest
grc ain't working? maybe it's the site... YEP!
it was the site
testing now will update with results with an edit here...
all stealth wheeew! feel much better now and thank you for all your support, I guess ZoneAlarm Pro is way better than McAfee graphically cute firewall+6?? there a way to do a trace to who it from ZA-Pro?
-
May 19th, 2005, 10:27 PM
#9
Well please don’t get too comfortable with that there all stealth determination presented by GRC. That does not necessarily mean you are safe. Make sure you established a layered defense. Plenty of threads already in AO on how to do that and also on proper expectations from GRC’s results, so I’ll skip over that.
When you get comfortable with a hex editor and tweaking your registry, here’s another way to address good ole 135.
This is a step by step provided by a chap named Rodney from another forum:
1) run regedit.exe
2) goto HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs
save ImagePath data.
3) restart the computer. It may take a longer time to start, and it may give you some errors, and it may also change the Windows XP taskbar, but this will return to normal after returning the ImagePath data (click the file you have exported) or you can paste the data you saved.
4) you need hex editor to open this file
c:\windows\system32\rpcss.dll in hex,binary
find this number 1.3.5 in hex 31 00 33 00 35 in the file(this is the port number)
5) change this to 0.0.0 in hex 30 00 30 00 30 (port 0 does not exist)
6) run regedit.exe and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs and return the ImagePath data (you can just click the file you have exported) or you can paste the data you saved.
7)restart the computer
8)run netstat -a in cmd to check the port
cheers
(gotta go watch the new star wars)
Connection refused, try again later.
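An added example, not part of any post in this thread: a parser for `netstat -an` output (the check in step 8 above) that reports listeners on the ports named in post #3 when they are bound to a non-loopback address. The sample output is constructed, and treating loopback-only bindings as not exposed is an assumption of this sketch.

```python
import sys

# Ports and labels as listed in post #3 of this thread.
WATCHED = {
    135: "RPC",
    137: "SMB via NetBIOS",
    138: "SMB via NetBIOS",
    139: "SMB via NetBIOS",
    445: "SMB via TCP/IP, RPC",
    5000: "UPnP",
}
LOOPBACK = ("127.", "[::1]")  # assumption: loopback-only bindings are not exposed

# Constructed sample in the Windows `netstat -an` layout (not captured output).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.10:137       *:*
"""

def exposed_listeners(netstat_text):
    """Return (proto, address, port, label) for watched ports bound off-loopback."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or unrelated text
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows do not, so a bound UDP socket counts.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        addr, _, port = local.rpartition(":")
        if not port.isdigit() or addr.startswith(LOOPBACK):
            continue
        if int(port) in WATCHED:
            findings.append((proto, addr, int(port), WATCHED[int(port)]))
    return findings

if __name__ == "__main__":
    # Usage: netstat -an | python check_ports.py  (uses SAMPLE when run on a terminal)
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for proto, addr, port, label in exposed_listeners(text):
        print(f"{proto} {addr}:{port} is listening ({label})")
```

A port reported here is bound locally whether or not the firewall filters it, so this complements an external scan rather than replacing it.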
-
May 20th, 2005, 01:09 AM
#10
Member
RE:editors and BIN * OCTAL systems DOS?
I started assembly language with the old Z-80 processor, remember DOS, the Radio Shack "Trash 80", remember that Helicopter game I think I still have somewhere on a 5x5 floppy, hah!
Well, I guess this dates me a little but by no means do I know a whole lot, just enough to get my settings screwed up. I do remember learning the BINARY system and OCTAL(8) along with the DECI(base 10) obviously.... Hexadecimal was fun, I had to learn to pass my processors class, years ago, but I haven't messed with that stuff in years but sure would like to know a link to a free hex-editor converter if there is such a thing?
Relyt, that sounds like the way I used to do things back in the DOS days, nevertheless very effective, grin. I still love BASIC and DOS, it's been a while so for now just trying to hone my skills in on this XP system. I am debating what firewall to BUY, going to read the suggested layered securities posts, etc, etc...
Thanks!