Hi everybody, I am on windows 7, I made a virus scan of my network and I got this: 1/ for my computer: services: 135- RPC 49152 - UNKNOWN 2/ for my box (router): services: 53- DNS 80- HTTP 139- NETBIOS 443- HTTPS 445- SMB I have read every where (also on the good website of grc.com) that the 135 port should be closed for security and that DCOM service should be deactivated.What should I do? What could be the UNKNOWN SERVICE on port 49152 and should deactivated and how to do it? Are the services on my router are legitimates? Thank you for your help and your explanations. Have a pretty good week end. Born
This works perfectly, but if I remember correctly, closing port 135 will disable Task Scheduler and cause all kinds of problems. http://www.softpedia.com/get/Security/Firewall/Windows-Worms-Doors-Cleaner.shtml
Hi TairikuOkami, Thank you for your answer but you don't answer to my questions. This product Windows Worms Doors Cleaner didn't get any update since 2008 I won't downloaded. Have a good day. Any one has an idea?? Born
Did you scan your network from within or from outside? What tool or which online service did you use? "virus scan" - I guess you are talking about portscan? If you don't have server on your network you can close all those ports on router for incoming connection attempts. I don't have DCOM disabled as it would probably cause too much problems (RPC also depends on it). To find out what is using that random port number you can use TCPView and Process Explorer to check it out.
Hi Minimalist, On my antivirus I have a predefined scan called "Analysis of network threats" and I activated it and got the results I wrote in my post. This is a scan inside my network. I don't use any server. If I close port 135 how DCOM will work if it can cause too much troubles. I found a list of critical ports to close what do you think about it? Service-------------------------- Port(s)-------------------- Service(s) Windows Protocole IKE........................ 500/udp................................... IPSEC Policy Agent Protocole NTP.........................123/udp......................................Windows Time UPnP .......................... 5000/tcp, 1900/udp ......................... SSDP Discovery Service Cache DNS...................dynamique >1024/udp .............................. DNS Client NetBIOS sur TCP ........ 137/udp, 138/udp, 139/tcp ............... TCP/IP NetBIOS Helper Service CIFS/SMB ..................... 139/tcp, 445/tcp............................ Server, Workstation Portmapper RPC...............135/tcp, 135/udp...................... Remote Procedure Call (RPC) Tâches programmées......dynamique >1024/tcp...............................Schedule Messenger.................... dynamique >1024/udp ......................... Messenger Service .................................1025....................................... Services Thank you for your interest. Have a good day. Born
Here is how I got those services configured: IPSEC Policy Agent - Manual Windows Time - Disabled (I manually synchronize time every now and then) SSDP Discovery Service - Disabled DNS Client - Automatic (I use CCleaner to flush DNS cache) TCP/IP NetBIOS Helper Service - Automatic Server, Workstation - Automatic Remote Procedure Call (RPC) - Automatic Task Scheduler - Automatic Messenger - removed I have no problems with my setup. I never left service enabled and blocked port it was listening on, so I can't give you any info about how it would behave. Have a nice day