cant close or cloak port 305 win 2k

Discussion in 'Computer Security' started by scully, Dec 10, 2005.

  1. scully

    scully Guest

    bigpond cable via usb.............
    tried to close this port but stubbornly it remains open
    i have turned off dcom and set rules in the firewall [kerio] which
    disallows access in or out for tcp or udp

    any tips on how to cloak or at least close port 135?
    thanks
    scul
     
    scully, Dec 10, 2005
    #1

  2. scully wrote something like:

    > bigpond cable via usb.............
    > tried to close this port but stubbornly it remains open
    > i have turned off dcom and set rules in the firewall [kerio] which
    > disallows access in or out for tcp or udp
    >
    > any tips on how to cloak or at least close port 135?
    > thanks
    > scul


    Use a router. I use an old headless P166 PC with smoothwall on it, but any
    hardware router/firewall is a good idea IMO.

    --
    -
    Leafnode. Making usenet a better place.
    -
     
    amosf (Tim Fairchild), Dec 10, 2005
    #2

  3. scully

    Bit Twister Guest

    On Sat, 10 Dec 2005 23:10:39 GMT, scully wrote:
    >
    > any tips on how to cloak or at least close port 135?



    Results 1 - 10 of 654 for close port 135 group:*microsoft* (0.19 seconds)

    Using the following with
    close port 135 in the first box and
    *microsoft* in the newsgroup box (asterisk microsoft asterisk)

    ----------- standard search text follows ----------------------

    Please bookmark the following, very large,
    Frequently Asked Questions (faq) Search engine:

    http://groups.google.com/advanced_group_search
    key word(s) in the first box
    *linux* in Newsgroup box. You need to use the two
    asterisks around linux, pick English

    If you want/need more control over the first box search,
    http://www.google.com/help/refinesearch.html
     
    Bit Twister, Dec 10, 2005
    #3
  4. From: "scully" <>

    | bigpond cable via usb.............
    | tried to close this port but stubbornly it remains open
    | i have turned off dcom and set rules in the firewall [kerio] which
    | disallows access in or out for tcp or udp
    |
    | any tips on how to cloak or at least close port 135?
    | thanks
    | scul

    Use a Cable/DSL Router such as the Linksys BEFSR41 and specifically block TCP and UDP ports
    135 ~ 139 and 445 and you won't have to muck with the computer's OS.

    I take it TCP/UDP port 305 is a typo as there is nothing from Microsoft or other vendors at
    that port loading a Service.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Dec 11, 2005
    #4
  5. scully

    Guest Guest

    "scully" <> wrote in message
    news:...
    > bigpond cable via usb.............
    > tried to close this port but stubbornly it remains open
    > i have turned off dcom and set rules in the firewall [kerio] which
    > disallows access in or out for tcp or udp
    >
    > any tips on how to cloak or at least close port 135?
    > thanks
    > scul



    So how do you know the port is "open"?
     
    Guest, Dec 11, 2005
    #5
  6. <Vanguard> wrote something like:

    > "scully" <> wrote in message
    > news:...
    >> bigpond cable via usb.............
    >> tried to close this port but stubbornly it remains open
    >> i have turned off dcom and set rules in the firewall [kerio] which
    >> disallows access in or out for tcp or udp
    >>
    >> any tips on how to cloak or at least close port 135?
    >> thanks
    >> scul

    >
    >
    > So how do you know the port is "open"?


    Yeah. Most of the online scanners are flakey. You go to a couple of
    different ones and they are likely to give different results...

    --
    -
    Leafnode. Making usenet a better place.
    -
     
    amosf (Tim Fairchild), Dec 11, 2005
    #6
  7. scully

    scully Guest

    On Sat, 10 Dec 2005 19:34:32 -0600, <Vanguard> wrote:

    >"scully" <> wrote in message
    >news:...
    >> bigpond cable via usb.............
    >> tried to close this port but stubbornly it remains open
    >> i have turned off dcom and set rules in the firewall [kerio] which
    >> disallows access in or out for tcp or udp
    >>
    >> any tips on how to cloak or at least close port 135?
    >> thanks
    >> scul

    >
    >
    >So how do you know the port is "open"?

    i usually use grc's shields up as a quick test
    and it reported 135 as being open all other ports were cloaked
    i disabled dcom and found a few other services i should disable such
    as the rpc and remote access services.....
    i also set rules to disable access to these ports 135,136. 137.138,139
    for udp + tcp in kerio firewall.....port 135 obviously this didnt do
    it...still responding to pings from grc
    wonder if disabling echo request would do the trick??
    i cant test it here as we have a hardware firewall i cant play with
    scul
     
    scully, Dec 11, 2005
    #7
  8. From: "scully" <>

    < snip >

    | i cant test it here as we have a hardware firewall i cant play with
    | scul

    Do you think you just answered your question in your reply ?

    As I suggested, use a Cable/DSL Router and specifically block 135 ~139 and 445 on the
    Router. You can even get a Router model with a full FireWall implementation.

    I have a Linksys BEFSR81 and block all WAN requests and those ports and all port scans from
    all sites indicate all ports are stealthed. I have the RPC, NetBIOS and SMB ports open on
    all my PCs because I have a SOHO LAN behind that Router. No mucking with the OS needed.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Dec 11, 2005
    #8
  9. scully

    Guest Guest

    "scully" <> wrote in message
    news:...
    > On Sat, 10 Dec 2005 19:34:32 -0600, <Vanguard> wrote:
    >
    >>"scully" <> wrote in message
    >>news:...
    >>> bigpond cable via usb.............
    >>> tried to close this port but stubbornly it remains open
    >>> i have turned off dcom and set rules in the firewall [kerio] which
    >>> disallows access in or out for tcp or udp
    >>>
    >>> any tips on how to cloak or at least close port 135?
    >>> thanks
    >>> scul

    >>
    >>
    >>So how do you know the port is "open"?

    > i usually use grc's shields up as a quick test
    > and it reported 135 as being open all other ports were cloaked
    > i disabled dcom and found a few other services i should disable such
    > as the rpc and remote access services.....
    > i also set rules to disable access to these ports 135,136. 137.138,139
    > for udp + tcp in kerio firewall.....port 135 obviously this didnt do
    > it...still responding to pings from grc
    > wonder if disabling echo request would do the trick??
    > i cant test it here as we have a hardware firewall i cant play with
    > scul



    Now it's port 135 (instead of 305)? Did you read the comments on GRC's web
    page regarding port 135?

    See https://www.grc.com/port_113.htm. It is about a different port but
    gives clues as to how you close that port. Basically, define a rule that
    kills the port. If you have a NAT router, disable it there. If all you
    have is a software firewall in a host connected directly to the Internet
    then define a rule to block it there.
     
    Guest, Dec 11, 2005
    #9
  10. scully

    scully Guest

    On Sat, 10 Dec 2005 22:26:12 -0600, <Vanguard> wrote:

    >"scully" <> wrote in message
    >news:...
    >> On Sat, 10 Dec 2005 19:34:32 -0600, <Vanguard> wrote:
    >>
    >>>"scully" <> wrote in message
    >>>news:...
    >>>> bigpond cable via usb.............
    >>>> tried to close this port but stubbornly it remains open
    >>>> i have turned off dcom and set rules in the firewall [kerio] which
    >>>> disallows access in or out for tcp or udp
    >>>>
    >>>> any tips on how to cloak or at least close port 135?
    >>>> thanks
    >>>> scul
    >>>
    >>>
    >>>So how do you know the port is "open"?

    >> i usually use grc's shields up as a quick test
    >> and it reported 135 as being open all other ports were cloaked
    >> i disabled dcom and found a few other services i should disable such
    >> as the rpc and remote access services.....
    >> i also set rules to disable access to these ports 135,136. 137.138,139
    >> for udp + tcp in kerio firewall.....port 135 obviously this didnt do
    >> it...still responding to pings from grc
    >> wonder if disabling echo request would do the trick??
    >> i cant test it here as we have a hardware firewall i cant play with
    >> scul

    >
    >
    >Now it's port 135 (instead of 305)? Did you read the comments on GRC's web
    >page regarding port 135?
    >
    >See https://www.grc.com/port_113.htm. It is about a different port but
    >gives clues as to how you close that port. Basically, define a rule that
    >kills the port. If you have a NAT router, disable it there. If all you
    >have is a software firewall in a host connected directly to the Internet
    >then define a rule to block it there.

    the machine in question is offsite. i am going back next week to
    attempt to secure it properly.....my friend has no money for a router
    so we need to do the job with a software firewall ....as i said we are
    well protected here with hardware firewall so i cant do much to test
    this .....ip address of his computer is fixed and a previous virus
    infection has allowed access to a server that is still attempting to
    download virus.....
    the only visible port is 135 and that is open....obviously my
    knowledge here is deficient as i closed the port to tcp + udp which
    did nothing...... my simple question is if i kill the port for icmp
    will that cloak it.....i am using kerio pf
    thanks again
    scul
     
    scully, Dec 12, 2005
    #10
  11. scully

    Guest

    In alt.computer.security scully <> wrote:
    > the machine in question is offsite. i am going back next week to
    > attempt to secure it properly.....my friend has no money for a router
    > so we need to do the job with a software firewall ....as i said we are
    > well protected here with hardware firewall so i cant do much to test
    > this .....ip address of his computer is fixed and a previous virus
    > infection has allowed access to a server that is still attempting to
    > download virus.....
    > the only visible port is 135 and that is open....obviously my
    > knowledge here is deficient as i closed the port to tcp + udp which
    > did nothing...... my simple question is if i kill the port for icmp
    > will that cloak it.....i am using kerio pf
    > thanks again
    > scul


    Considering ICMP is not port-based, that would be difficult to do.

    Make sure you are scanning the right address. Make sure that the pfw is
    actually enabled, and blocking *UDP* port 135.

    And routers are very, very cheap. If he has already seen the alternative
    - many, many hours spent rebuilding a Windows system - it should be
    clear to him that his time is worth *something*. Like maybe 25 euros for
    a NAT router.

    Joachim
     
    , Dec 12, 2005
    #11
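
A host-side answer to "how do you know the port is open?" for the ports named in this thread, as an added example that is not part of any poster's message. It parses `netstat -an` output and lists which of ports 135-139 and 445 are bound on a non-loopback address without a matching block rule. The sample output, the function names and the `(protocol, port)` rule set are assumptions made for illustration; the rule set is not Kerio's configuration format.

```python
import re

# Ports named in the thread: RPC endpoint mapper 135, NetBIOS 137-139, SMB 445.
WATCHED = set(range(135, 140)) | {445}

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  TCP    192.168.0.5:445        192.168.0.7:1055       ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    0.0.0.0:445            *:*
  UDP    192.168.0.5:137        *:*
  UDP    192.168.0.5:138        *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def exposed_listeners(netstat_text, watched=WATCHED):
    """Sorted (proto, address, port) for watched ports reachable off-host."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if port not in watched or addr.startswith("127."):
            continue
        # TCP accepts new connections only when LISTENING; UDP rows carry no
        # state, and any bound UDP socket receives datagrams.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.add((proto, addr, port))
    return sorted(found)

def uncovered(listeners, blocked):
    """Listeners whose (proto, port) is missing from the firewall block set."""
    return [l for l in listeners if (l[0], l[2]) not in blocked]

# Hypothetical rule set mirroring the original poster's description:
# TCP and UDP blocked for 135-139, nothing for 445.
POSTER_RULES = {(p, n) for p in ("TCP", "UDP") for n in range(135, 140)}

if __name__ == "__main__":
    for proto, addr, port in uncovered(exposed_listeners(SAMPLE), POSTER_RULES):
        print(f"{proto} {port} bound on {addr} has no blocking rule")
```

With the constructed sample, the rules described in the thread cover 135-139 but leave the port 445 listeners without a rule.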
  12. "scully" <> wrote in message
    news:...
    > On Sat, 10 Dec 2005 22:26:12 -0600, <Vanguard> wrote:
    >
    > >"scully" <> wrote in message
    > >news:...
    > >> On Sat, 10 Dec 2005 19:34:32 -0600, <Vanguard> wrote:
    > >>
    > >>>"scully" <> wrote in message
    > >>>news:...
    > >>>> bigpond cable via usb.............
    > >>>> tried to close this port but stubbornly it remains open
    > >>>> i have turned off dcom and set rules in the firewall [kerio] which
    > >>>> disallows access in or out for tcp or udp
    > >>>>
    > >>>> any tips on how to cloak or at least close port 135?
    > >>>> thanks


    <much snippage>

    > the machine in question is offsite. i am going back next week to
    > attempt to secure it properly.....my friend has no money for a router
    > so we need to do the job with a software firewall ....


    It's a couple of AU$. Literally.

    I presume that you've unticked "Client for Microsoft Networks"? And cut
    anything that starts with the letters "NetB"?

    Depending upon the version of Windows being used, everything you need is
    already there. If your friend ever buys a new PC (unlikely, if he can't
    afford a router) and sets-up a network, then the only "gotcha" is to
    remember not to radiate internal DNS requests. That caught me out, before I
    went for a custom Linux distro, and settled on a commercial firewall/router.

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Dec 13, 2005
    #12
