Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Computer Security (http://www.velocityreviews.com/forums/f38-computer-security.html)
-   -   cant close or cloak port 305 win 2k (http://www.velocityreviews.com/forums/t307350-cant-close-or-cloak-port-305-win-2k.html)

scully 12-10-2005 11:10 PM

cant close or cloak port 305 win 2k
 
bigpond cable via usb.............
tried to close this port but stubbornly it remains open
i have turned off dcom and set rules in the firewall [kerio] which
disallows access in or out for tcp or udp

any tips on how to cloak or at least close port 135?
thanks
scul

amosf (Tim Fairchild) 12-10-2005 11:49 PM

Re: cant close or cloak port 305 win 2k
 
scully wrote something like:

> bigpond cable via usb.............
> tried to close this port but stubbornly it remains open
> i have turned off dcom and set rules in the firewall [kerio] which
> disallows access in or out for tcp or udp
>
> any tips on how to cloak or at least close port 135?
> thanks
> scul


Use a router. I use an old headless P166 PC with smoothwall on it, but any
hardware router/firewall is a good idea IMO.

--
-
Leafnode. Making usenet a better place.
-

Bit Twister 12-10-2005 11:51 PM

Re: cant close or cloak port 305 win 2k
 
On Sat, 10 Dec 2005 23:10:39 GMT, scully wrote:
>
> any tips on how to cloak or at least close port 135?



Results 1 - 10 of 654 for close port 135 group:*microsoft* (0.19 seconds)

Using the following with
close port 135 in the first box and
*microsoft* in the newsgroup box (astrisk microsoft asterisk)

----------- standard search text follows ----------------------

Please bookmark the following, very large,
Frequently Asked Questions (faq) Search engine:

http://groups.google.com/advanced_group_search
key word(s) in the first box
*linux* in Newsgroup box. You need to use the two
asterisks around linux, pick English

If you want/need more control over the first box search,
http://www.google.com/help/refinesearch.html


David H. Lipman 12-11-2005 12:35 AM

Re: cant close or cloak port 305 win 2k
 
From: "scully" <scul@peerless.com>

| bigpond cable via usb.............
| tried to close this port but stubbornly it remains open
| i have turned off dcom and set rules in the firewall [kerio] which
| disallows access in or out for tcp or udp
|
| any tips on how to cloak or at least close port 135?
| thanks
| scul

Use a Cable/DSL Router such as the Linksys BEFSR41 and specifically block TCP and UDP ports
135 ~ 139 and 445 and you won't have to muck with the computer's OS.

I take it TCP/UDP port 305 is a typo as there is nothing from Microsoft or other vendors at
that port loading a Service.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



12-11-2005 01:34 AM

Re: cant close or cloak port 305 win 2k
 
"scully" <scul@peerless.com> wrote in message
news:vjnmp1dj4s53pvmvt1ak2bpoo4trovcgr3@4ax.com...
> bigpond cable via usb.............
> tried to close this port but stubbornly it remains open
> i have turned off dcom and set rules in the firewall [kerio] which
> disallows access in or out for tcp or udp
>
> any tips on how to cloak or at least close port 135?
> thanks
> scul



So how do you know the port is "open"?


amosf (Tim Fairchild) 12-11-2005 01:49 AM

Re: cant close or cloak port 305 win 2k
 
<Vanguard> wrote something like:

> "scully" <scul@peerless.com> wrote in message
> news:vjnmp1dj4s53pvmvt1ak2bpoo4trovcgr3@4ax.com...
>> bigpond cable via usb.............
>> tried to close this port but stubbornly it remains open
>> i have turned off dcom and set rules in the firewall [kerio] which
>> disallows access in or out for tcp or udp
>>
>> any tips on how to cloak or at least close port 135?
>> thanks
>> scul

>
>
> So how do you know the port is "open"?


Yeah. Most of the online scanners are flakey. You go to a couple of
different ones and they are likely to give different results...

--
-
Leafnode. Making usenet a better place.
-

scully 12-11-2005 02:59 AM

Re: cant close or cloak port 305 win 2k
 
On Sat, 10 Dec 2005 19:34:32 -0600, <Vanguard> wrote:

>"scully" <scul@peerless.com> wrote in message
>news:vjnmp1dj4s53pvmvt1ak2bpoo4trovcgr3@4ax.com.. .
>> bigpond cable via usb.............
>> tried to close this port but stubbornly it remains open
>> i have turned off dcom and set rules in the firewall [kerio] which
>> disallows access in or out for tcp or udp
>>
>> any tips on how to cloak or at least close port 135?
>> thanks
>> scul

>
>
>So how do you know the port is "open"?

i usually use grc's sheilds up as a qick test
and it reported 135 as being open all other ports were cloaked
i disabled dcom and found a few other services i should disable such
as the rpc and remote access services.....
i also set rules to disable access to these ports 135,136. 137.138,139
for udp + tcp in kerio firewall.....port 135 obviously this didnt do
it...still responding to pings from grc
wonder if disabling echo request would do the trick??
i cant test it here as we have a hardware firewall i cant play with
scul

David H. Lipman 12-11-2005 03:13 AM

Re: cant close or cloak port 305 win 2k
 
From: "scully" <scul@peerless.com>

< snip >

| i cant test it here as we have a hardware firewall i cant play with
| scul

Do you think you just answered your question in your reply ?

As I suggested, use a Cable/DSL Router and specifically block 135 ~139 and 445 on the
Router. You can even get a Router model with a full FireWall implementation.

I have a Linksys BEFSR81and block all WAN requests and those ports and all ports scans from
all sites indicate all ports are stealthed. I have the RPC, NetBIOS and SMB ports open on
all my PCs because I have a SOHO LAN behind that Router. No mucking with the OS needed.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



12-11-2005 04:26 AM

Re: cant close or cloak port 305 win 2k
 
"scully" <scul@peerless.com> wrote in message
news:9k4np195mdlvkf382d8s93uqebori6813m@4ax.com...
> On Sat, 10 Dec 2005 19:34:32 -0600, <Vanguard> wrote:
>
>>"scully" <scul@peerless.com> wrote in message
>>news:vjnmp1dj4s53pvmvt1ak2bpoo4trovcgr3@4ax.com. ..
>>> bigpond cable via usb.............
>>> tried to close this port but stubbornly it remains open
>>> i have turned off dcom and set rules in the firewall [kerio] which
>>> disallows access in or out for tcp or udp
>>>
>>> any tips on how to cloak or at least close port 135?
>>> thanks
>>> scul

>>
>>
>>So how do you know the port is "open"?

> i usually use grc's sheilds up as a qick test
> and it reported 135 as being open all other ports were cloaked
> i disabled dcom and found a few other services i should disable such
> as the rpc and remote access services.....
> i also set rules to disable access to these ports 135,136. 137.138,139
> for udp + tcp in kerio firewall.....port 135 obviously this didnt do
> it...still responding to pings from grc
> wonder if disabling echo request would do the trick??
> i cant test it here as we have a hardware firewall i cant play with
> scul



Now it's port 135 (instead of 305)? Did you read the comments on GRC's web
page regarding port 135?

See https://www.grc.com/port_113.htm. It is about a different port but
gives clues as to how you close that port. Basically, define a rule that
kills the port. If you have a NAT router, disable it there. If all you
have is a software firewall in a host connected directly to the Internet
then define a rule to block it there.




scully 12-12-2005 09:34 PM

Re: cant close or cloak port 305 win 2k
 
On Sat, 10 Dec 2005 22:26:12 -0600, <Vanguard> wrote:

>"scully" <scul@peerless.com> wrote in message
>news:9k4np195mdlvkf382d8s93uqebori6813m@4ax.com.. .
>> On Sat, 10 Dec 2005 19:34:32 -0600, <Vanguard> wrote:
>>
>>>"scully" <scul@peerless.com> wrote in message
>>>news:vjnmp1dj4s53pvmvt1ak2bpoo4trovcgr3@4ax.com ...
>>>> bigpond cable via usb.............
>>>> tried to close this port but stubbornly it remains open
>>>> i have turned off dcom and set rules in the firewall [kerio] which
>>>> disallows access in or out for tcp or udp
>>>>
>>>> any tips on how to cloak or at least close port 135?
>>>> thanks
>>>> scul
>>>
>>>
>>>So how do you know the port is "open"?

>> i usually use grc's sheilds up as a qick test
>> and it reported 135 as being open all other ports were cloaked
>> i disabled dcom and found a few other services i should disable suc>> as the rpc and remote access services.....
>> i also set rules to disable access to these ports 135,136. 137.138,139
>> for udp + tcp in kerio firewall.....port 135 obviously this didnt do
>> it...still responding to pings from grc
>> wonder if disabling echo request would do the trick??
>> i cant test it here as we have a hardware firewall i cant play with
>> scul

>
>
>Now it's port 135 (instead of 305)? Did you read the comments on GRC's web
>page regarding port 135?
>
>See https://www.grc.com/port_113.htm. It is about a different port but
>gives clues as to how you close that port. Basically, define a rule that
>kills the port. If you have a NAT router, disable it there. If all you
>have is a software firewall in a host connected directly to the Internet
>then define a rule to block it there.

the machine in question is offsite. i am going back next week to
attempt to secure it properly.....my friend has no money for a router
so we need to do the job with a software firewall ....as i said we are
well protected here with hardware firewall so i cant do much to test
this .....ip address of his computer is fixed and a previous virus
infection has allowed access to a server that is still attemting to
download virus.....
the only visible port is 135 and that is open....obviously my
knowledge here is deficient as i closed the port to tcp + udp which
did nothing...... my simple question is if i kill the port for icmp
will that cloak it.....i am using kerio pf
thanks again
scul


All times are GMT. The time now is 07:30 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.