How to close ports 135 and 445 (Windows 7)?

Discussion in 'other security issues & news' started by AlexC, Nov 5, 2011.

Thread Status:
Not open for further replies.
  1. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    After a port scan to my internal IP i realized i had 3 ports open: 135, 139 and 445.
    I'm behind a router but there are other people using the same wireless connection, so my computer may still be infected with a worm... I've been able to close port 139, but not the other two.

    Anyone here was able to close ports 135 and 445 in windows 7o_O

    Thanks!
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Since you're using Windows Firewall, you could change the network location to Public if you're not using file or printer sharing.
     
  3. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    My network location is already Public, however those ports remains opened...
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Go into "Network and Sharing Center", and then click "Change advanced sharing settings." For the Public network location, change the settings to the more restrictive settings.
     
  5. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    Thanks Mr Brian, i'll try it as soon as i can and report back, since right now i don't have access to the computer. By the way, in this moment I'm posting from Ubuntu 11.10 that reports 0 open ports (default instalation)...
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  7. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Shouldn't turning off "Network Discovery" and "File and Printer Sharing" take care of this generally? I have those turned off and public folders turned off as well (only one system in the house).
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I think so.
     
  9. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    That was my understanding, thank you :)
     
  10. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    Thanks for your replies. I've checked those settings and they were already disabled... However Advanced Port Scanner still reports open ports:

    135 (loc-srv)
    445 (microsoft-ds)
     
  11. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    having done other things you mention you did there is no need to closing those ports for the sake of it. Does that utility specify what keeps the ports open?
     
  12. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280

    No, but using CurrPorts i can see:

    Local port
    135 epmap
    445 microsoft-ds
    5355 llmnr
     
  13. wat0114

    wat0114 Guest

    Hi Alex,

    I installed Advanced Port Scanner on the other desktop which is connected to an ordinary hub this machine is on. I've got Win7 fw w/advanced security set to Public profile with inbound and outbound connections that do not match a rule are blocked. With the fw enabled, the scanner reports all ports as closed. With the fw disabled, only port 135 shows open. The ss of the event viewer security entry shows the scanning machine ip (192.168.1.69) ICMP (protocol=1) packet blocked to my machine (.66) blocked at port 8.

    I'm not sure what's happening with your scans, but they should be blocked if your profile is Public with outbound/inbound blocked by default. Did you verify your inbound rules are not allowing anything?
     

    Attached Files:

  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    AlexC,

    Are the results you're getting the result of a scan of your own computer from that same computer, or from a different computer? I think you were testing your own computer from your own computer. If it's from the same computer, then those ports should be open. If it's from a different computer within your local network, then those ports should be closed given your settings.
     
  15. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    Thanks for your answers wat0114 and MrBrian.
    In fact i´m were testing my own computer from your my computer. I'll scan from another computer in the same local network and see the results. Thanks!
     
  16. wat0114

    wat0114 Guest

    You're welcome. You will see different, more accurate, results, I'm sure :) Even with the fw enabled, scanning from within the computer is not representative of a real world scan originating from outside your pc's network interface, so you will see open ports, and those same ports will be closed if your fw is enabled and configured correctly to block port scans external to your network interface.
     
    Last edited by a moderator: Nov 6, 2011
  17. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    I've scanned from another computer in the same local network and the ports are closed... Thanks!:thumb:
     
Loading...
Thread Status:
Not open for further replies.