«

bigpond cable via usb.............
tried to close this port but stubbornly it remains open
i have turned off dcom and set rules in the firewall [kerio] which
disallows access in or out for tcp or udp

any tips on how to cloak or at least close port 135?
thanks
scul

scully wrote something like:

> bigpond cable via usb.............
> tried to close this port but stubbornly it remains open
> i have turned off dcom and set rules in the firewall [kerio] which
> disallows access in or out for tcp or udp
>
> any tips on how to cloak or at least close port 135?
> thanks
> scul

Use a router. I use an old headless P166 PC with smoothwall on it, but any
hardware router/firewall is a good idea IMO.

--
-
Leafnode. Making usenet a better place.
-

On Sat, 10 Dec 2005 23:10:39 GMT, scully wrote:
>
> any tips on how to cloak or at least close port 135?


Results 1 - 10 of 654 for close port 135 group:*microsoft* (0.19 seconds)

Using the following with
close port 135 in the first box and
*microsoft* in the newsgroup box (astrisk microsoft asterisk)

----------- standard search text follows ----------------------

Please bookmark the following, very large,
Frequently Asked Questions (faq) Search engine:

http://groups.google.com/advanced_group_search
key word(s) in the first box
*linux* in Newsgroup box. You need to use the two
asterisks around linux, pick English

If you want/need more control over the first box search,
http://www.google.com/help/refinesearch.html

From: "scully" <>

| bigpond cable via usb.............
| tried to close this port but stubbornly it remains open
| i have turned off dcom and set rules in the firewall [kerio] which
| disallows access in or out for tcp or udp
|
| any tips on how to cloak or at least close port 135?
| thanks
| scul

Use a Cable/DSL Router such as the Linksys BEFSR41 and specifically block TCP and UDP ports
135 ~ 139 and 445 and you won't have to muck with the computer's OS.

I take it TCP/UDP port 305 is a typo as there is nothing from Microsoft or other vendors at
that port loading a Service.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

"scully" <> wrote in message
news:...
> bigpond cable via usb.............
> tried to close this port but stubbornly it remains open
> i have turned off dcom and set rules in the firewall [kerio] which
> disallows access in or out for tcp or udp
>
> any tips on how to cloak or at least close port 135?
> thanks
> scul


So how do you know the port is "open"?

<Vanguard> wrote something like:

> "scully" <> wrote in message
> news:...
>> bigpond cable via usb.............
>> tried to close this port but stubbornly it remains open
>> i have turned off dcom and set rules in the firewall [kerio] which
>> disallows access in or out for tcp or udp
>>
>> any tips on how to cloak or at least close port 135?
>> thanks
>> scul
>
>
> So how do you know the port is "open"?

Yeah. Most of the online scanners are flakey. You go to a couple of
different ones and they are likely to give different results...

--
-
Leafnode. Making usenet a better place.
-

On Sat, 10 Dec 2005 19:34:32 -0600, <Vanguard> wrote:

>"scully" <> wrote in message
>news:.. .
>> bigpond cable via usb.............
>> tried to close this port but stubbornly it remains open
>> i have turned off dcom and set rules in the firewall [kerio] which
>> disallows access in or out for tcp or udp
>>
>> any tips on how to cloak or at least close port 135?
>> thanks
>> scul
>
>
>So how do you know the port is "open"?
i usually use grc's sheilds up as a qick test
and it reported 135 as being open all other ports were cloaked
i disabled dcom and found a few other services i should disable such
as the rpc and remote access services.....
i also set rules to disable access to these ports 135,136. 137.138,139
for udp + tcp in kerio firewall.....port 135 obviously this didnt do
it...still responding to pings from grc
wonder if disabling echo request would do the trick??
i cant test it here as we have a hardware firewall i cant play with
scul

From: "scully" <>

< snip >

| i cant test it here as we have a hardware firewall i cant play with
| scul

Do you think you just answered your question in your reply ?

As I suggested, use a Cable/DSL Router and specifically block 135 ~139 and 445 on the
Router. You can even get a Router model with a full FireWall implementation.

I have a Linksys BEFSR81and block all WAN requests and those ports and all ports scans from
all sites indicate all ports are stealthed. I have the RPC, NetBIOS and SMB ports open on
all my PCs because I have a SOHO LAN behind that Router. No mucking with the OS needed.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

"scully" <> wrote in message
news:...
> On Sat, 10 Dec 2005 19:34:32 -0600, <Vanguard> wrote:
>
>>"scully" <> wrote in message
>>news:. ..
>>> bigpond cable via usb.............
>>> tried to close this port but stubbornly it remains open
>>> i have turned off dcom and set rules in the firewall [kerio] which
>>> disallows access in or out for tcp or udp
>>>
>>> any tips on how to cloak or at least close port 135?
>>> thanks
>>> scul
>>
>>
>>So how do you know the port is "open"?
> i usually use grc's sheilds up as a qick test
> and it reported 135 as being open all other ports were cloaked
> i disabled dcom and found a few other services i should disable such
> as the rpc and remote access services.....
> i also set rules to disable access to these ports 135,136. 137.138,139
> for udp + tcp in kerio firewall.....port 135 obviously this didnt do
> it...still responding to pings from grc
> wonder if disabling echo request would do the trick??
> i cant test it here as we have a hardware firewall i cant play with
> scul


Now it's port 135 (instead of 305)? Did you read the comments on GRC's web
page regarding port 135?

See https://www.grc.com/port_113.htm. It is about a different port but
gives clues as to how you close that port. Basically, define a rule that
kills the port. If you have a NAT router, disable it there. If all you
have is a software firewall in a host connected directly to the Internet
then define a rule to block it there.

On Sat, 10 Dec 2005 22:26:12 -0600, <Vanguard> wrote:

>"scully" <> wrote in message
>news:.. .
>> On Sat, 10 Dec 2005 19:34:32 -0600, <Vanguard> wrote:
>>
>>>"scully" <> wrote in message
>>>news: ...
>>>> bigpond cable via usb.............
>>>> tried to close this port but stubbornly it remains open
>>>> i have turned off dcom and set rules in the firewall [kerio] which
>>>> disallows access in or out for tcp or udp
>>>>
>>>> any tips on how to cloak or at least close port 135?
>>>> thanks
>>>> scul
>>>
>>>
>>>So how do you know the port is "open"?
>> i usually use grc's sheilds up as a qick test
>> and it reported 135 as being open all other ports were cloaked
>> i disabled dcom and found a few other services i should disable suc>> as the rpc and remote access services.....
>> i also set rules to disable access to these ports 135,136. 137.138,139
>> for udp + tcp in kerio firewall.....port 135 obviously this didnt do
>> it...still responding to pings from grc
>> wonder if disabling echo request would do the trick??
>> i cant test it here as we have a hardware firewall i cant play with
>> scul
>
>
>Now it's port 135 (instead of 305)? Did you read the comments on GRC's web
>page regarding port 135?
>
>See https://www.grc.com/port_113.htm. It is about a different port but
>gives clues as to how you close that port. Basically, define a rule that
>kills the port. If you have a NAT router, disable it there. If all you
>have is a software firewall in a host connected directly to the Internet
>then define a rule to block it there.
the machine in question is offsite. i am going back next week to
attempt to secure it properly.....my friend has no money for a router
so we need to do the job with a software firewall ....as i said we are
well protected here with hardware firewall so i cant do much to test
this .....ip address of his computer is fixed and a previous virus
infection has allowed access to a server that is still attemting to
download virus.....
the only visible port is 135 and that is open....obviously my
knowledge here is deficient as i closed the port to tcp + udp which
did nothing...... my simple question is if i kill the port for icmp
will that cloak it.....i am using kerio pf
thanks again
scul