"Marbles"
news:65E18DE0-1DC0-4C1B-8F16-E5D3E3B2272A@microsoft.com...
> Is port 135 flapping in the wind ?
>
> Possibly being a security risk if your firewall is not blocking this port.
> Even if your firewall is blocking this port. Just the thought of this port
> being left open by the Microsoft operating system annoys you and you would
> like that port 135 closed once and for all
>
> Check to see what ports are currently open. This is best done when you first
> boot in to windows and have not connected to the net
>
> 1)open command prompt - start > run > cmd
>
> 2)type in the following command:
>
> netstat -an
>
> -a this switch lists all listening ports
> -n lists all addresses & ports in numerical order
>
> You will see port 135 listening
>
> Note: Before making any registry changes or continuing with this procedure.
>
> - Create a system restore point, Backup your computer & export each registry
> path before modifying any Registry entries.
>
>
> ...This is how you disable Dcom & Close Port 135
>
> Disable Dcom
>
> 1) Start Registry Editor - start > run > regedt32
>
> 2) Navigate to the following registry Key
>
> - HKEY_LOCAL_MACHINE \ Software \ Microsoft \ OLE
>
> 3) Located at the right side. Select the item named EnableDCOM and modify
> the value to N
>
>
> This next step Will Close Port 135
>
> 4) Open registry editor & navigate to this registry key
>
> HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Rpc
>
> 5) Right click on & Modify the value named DCOM Protocols
>
> 6) Under the Value Data, you will see values like
> DCOM Protocols
>
> Value Data:
>
> ncacn_ip_tcp REG_SZ rpcrt4.dll
> ncacn_nb_tcp REG_SZ rpcrt4.dll
> ncacn_np REG_SZ rpcrt4.dll
> ncacn_ip_udp REG_SZ rpcrt4.dll
> ncacn_http REG_SZ rpcrt4.dll
>
> Any value attached to DCOM Protocols is what keeps the Port 135 / epmap
> (endpoint mapper)
>
> 7) Under Value Data highlight Everything listed and DELETE All by using your
> Delete key or your Backspace key.
>
> DCOM Protocols
>
> Value Data:
>
>
>
> Click ok
>
> All there should be is DCOM Protocols with no values
>
> 8) Done with registry editor ..exit or close registry editor
>
> 9) Open Control Panel > Administrative Tools > double click Services
>
> Disable the following services since DCOM has also been disabled
>
>
> - COM+ Event System
> - COM+ System Application
> - System Event Notification
>
> 10) Finally Restart the computer...
>
> For verification when your computer has restarted open the command prompt.
>
> Type netstat -an and for certain you will see port 135 closed.
>
> Then you can celebrate... yippee!, dance around the room,scream out your
> window.. and say bye bye port 135!
>
> Hope this has Helped you in finally closing the Pesky Port 135.
>
> Have a Good One
>
Thank you, but I thought Windows XP SP2 firewall is already blocking
incoming connections; have you tried any security tests before making this
change? In other words what does it buy you in terms of security? Have you
run "tcpdump" or another sniffer program to see what it was doing prior to
making this change?
--
Allan
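
The before-and-after `netstat -an` comparison discussed in this thread, as an added example that is not part of either post: a small parser that reports only sockets actually bound to local port 135, so a row for port 1350 or an outbound connection to a remote port 135 is not mistaken for an open listener. The sample outputs are constructed, the function name `listeners` is hypothetical, and the handling of IPv6 rows such as `[::]:135` goes beyond what the posts show.

```python
import re

# Constructed `netstat -an` output for illustration (not captured from a real host).
SAMPLE_BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1350         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      192.168.1.20:135       ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
"""

# Constructed output for the state the procedure aims for after the reboot.
SAMPLE_AFTER = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      192.168.1.20:135       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Proto, local address, foreign address, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def listeners(netstat_text, port=135):
    """Return (proto, local_address) for sockets bound to `port` on this host."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, blank line
        proto, local, _foreign, state = m.groups()
        # rpartition splits on the last colon, so [::]:135 parses correctly
        local_port = local.rpartition(":")[2]
        if local_port != str(port):
            continue  # exact match only: 1350 is not 135
        if proto == "TCP" and state != "LISTENING":
            continue  # an established session is not a listening socket
        found.append((proto, local))
    return found


if __name__ == "__main__":
    print("before:", listeners(SAMPLE_BEFORE))
    print("after: ", listeners(SAMPLE_AFTER))
```

This only reports what is bound locally; whether the port is reachable from the network still depends on the firewall in front of it.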