First of all, I've been lurking this forum for a while as a guest. It seems every time I google something security-related, I find a helpful thread on this forum, so thanks all. I'm running XP sp3, freshly installed. I'm behind an SPI router (linksys with OpenWRT). Port Explorer said svchost was using local port 135 (which is supposed to be related to RPC?) to listen from local address 0.0.0.0 to remote address 0.0.0.0, remote port 0. (Correct my phraseology if necessary.) So I followed the relevant suggestions here -- http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html And all that did was change the local address to 127.0.0.1, the port is still listening. Should I close it? If so, how? These are the only services I have running: - DHCP Client - Event Log - Logical Disk Manager - Network Connections Manager - OpenDNSCrypt - Plug and Play - RPC - Secondary Login - Security Accounts Manager - Audio - WMI - WZC I did these registry tweaks related to RPC: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rpc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rpc\Linkage] "Bind"=hex(7):31,00,00,00,00,00 And in [...RpcSs], I added REG_SZ ListedOnInternet = N And another ports question -- Is it a bad thing that OpenDNSCrypt is always listening on some ports? (Port Explorer lists opendnsinterface.exe and dnscrypt-proxy.exe). It's probably supposed to be doing that, but does that leave me vulnerable?