Author Topic: <techy made easy I hope> Stopping ports and services  (Read 354 times)

<techy made easy I hope> Stopping ports and services
« on: May 12, 2004, 09:39:35 PM »
Will this help anybody?
After the recent viruses that a few here had. I went looking for information I used ages ago which has helped keep my computer secure and running a bit better. Everything is for XP and 2000 but http://www.uksecurityonline.com/husdg/w98p2.php is a page for windows 98 users.
Firstly, if you open up a DOS window (command prompt) and type and enter:

netstat -aon

(note there is a space between netstat and -)
You will have a list of all the ports that are listening or being used on your computer. It tends to be ports 135 139 145 and 445 that are the targetted ones by worm viruses.
The port number is after the : in the local address column.

Then if you open another DOS window (command prompt) and type and enter:

tasklist
 
you will see a list of running tasks, like task manager, but this lists all the program ID numbers (PID column) compare this with the PID column in the first window to get an idea of which tasks are using which ports. Just get an idea.

To stop port 445 listening click here (XP):
http://www.uksecurityonline.com/husdg/windowsxp/close445.htm
Windows 2000
http://www.uksecurityonline.com/husdg/windows2000/close445.htm

To get a list of recommended services to disable click here (XP):
http://www.uksecurityonline.com/husdg/windowsxp/disableservices.htm
Windows 2000
http://www.uksecurityonline.com/husdg/windows2000/disableservices.htm

Now, if you click START - RUN and then type and enter

services.msc

A window will appear with all the services listed. Many of them will match the list in the link above. You can right-click any service in the name column then click on properties and change the startup type to what is recommended.

A couple of things. If you disable the Themes service in XP you will end up with a half Windows 98 half XP  look so you might like to ignore their advice there. And I don't know why there are two options for Telephony - ignore the first one.
All my services are still set as they recommended (but only disabled where they have also recommeded to uninstall it) except for the themes.
If you did something wrong while doing all this your computer will still boot up so you can't do any damage. They are not essential to the basic running of your computer so any errors you make can be reversed by enabling them again.

Oh, Port 135 may still be listening afterwards. I don't know how to stop that. If you disabled the RPC service it will close, but then your computer will shutdown. Just like what sasser worm did.