How to stop local port 135 listening?

Discussion in 'Windows 10' started by DirtyAngelicaSecured, Jun 14, 2020.

  1. DirtyAngelicaSecured

    DirtyAngelicaSecured MDL Junior Member

    Mar 30, 2020
    69
    9
    0
    I've been unable to close it with Windows 10 Firewall. DCOM was disabled through DCOM Config, but that didn't prevent my SYN scan to detect port 135 as open (locally, not remotely) and detect OS with decent accuracy.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. coleoptere2007

    coleoptere2007 MDL Guru

    Apr 8, 2008
    2,946
    1,565
    90
    What is the reason to try this ?
     
  3. bear_aussie

    bear_aussie MDL Member

    Jun 8, 2015
    125
    62
    10
    disabling dcom breaks tons of stuff
    firewall it instead so nothing outside ur computer can connect 2 port 135
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. petok

    petok MDL Member

    May 4, 2009
    242
    149
    10
    DCOM is ancient mode for system in windows 10 is just native if disable no conflict with new programs just if use old programs who use DCOM components.
     
  5. TairikuOkami

    TairikuOkami MDL Addicted

    Mar 15, 2014
    944
    820
    30
    There is dozen of services listening, how come you are worried only about the port 135? By default, Windows Firewall blocks inbound, so nothing can connect to it, unless you allow it.
     

    Attached Files:

  6. DirtyAngelicaSecured

    DirtyAngelicaSecured MDL Junior Member

    Mar 30, 2020
    69
    9
    0
    I disable a ton of services, so port 135 thus far is the only one listening. I don't quite understand how Windows 10 Firewall works of if it works at all. For example, DHCP is blocked (both inbound and outbound, TCP and UDP) for all PC's on my network, but none of those PC's are configured to use static local IP's. All of them continue to use DHCP even though Windows 10 firewall supposedly blocks it. Perhaps router NAT overwrites Windows 10 Firewall settings. I have no idea...

    Third party firewalls do work, but the free ones I tried, like TinyWall, block everything and force you to unblock program by program, but that doesn't work either. No matter what I do, if TinyWall is running, internet won't work. I added browsers and almost every EXE I could to exclusion list, but TinyWall keeps blocking everything eternally. I also found it impossible to uninstall. It preserves itself as a service, a service that cannot be stopped or deleted, even with TrustedInstaller privileges...

    Where can I download a list of typical Windows 10 firewall PowerShell rules for security? For example, it is usually advised to disable Multi-Home/Parallel DNS (IGMP), ICMP (pinging), NetBIOS ports, DCOM and DCOM port (135). I am sure there are many others, but again, I don't understand firewalls. Windows-based firewall doesn't seem to do anything while 3rd party firewalls block everything with exclusion lists doing absolutely nothing.

    NAT firewalls are the same way. My ISP-provided modem is set prevent public IP pinging and my personal router is set to do the same, but that does not prevent my public IP from being pingable. Setting either of those routers in Bridged Mode doesn't help the situation either.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. TairikuOkami

    TairikuOkami MDL Addicted

    Mar 15, 2014
    944
    820
    30
    I believe, DHCP uses svchost.exe via ports 67/68, but I have not used DHCP in years so not sure what else.

    Unless you have disabled DNS Client, you need to allow svchost.exe for UDP via port 53 to allow DNS requests.
     
  8. petok

    petok MDL Member

    May 4, 2009
    242
    149
    10
    If you IPS is with enabled NAT protocol then search in router this similar option (ICMP Echo Attack) when this enable then router no allow ping ip adress from out.
     
  9. DirtyAngelicaSecured

    DirtyAngelicaSecured MDL Junior Member

    Mar 30, 2020
    69
    9
    0
    That is what I thought, but if you block the entire connection, ICMP Echo should also be blocked. It is strange because pinging my public IP from local network results in 100% response, but pinging from a website (or from outside of my network) results from 100% packet loss. I asked a friend to ping me from his PC (outside of my network) and it also resulted in 100% packet loss. Therefore, it does work, but not when testing from local IP.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. petok

    petok MDL Member

    May 4, 2009
    242
    149
    10
    #10 petok, Jun 20, 2020
    Last edited: Jun 20, 2020
    Maybe try this from cmd add firewall rules for inbound if use windows defender firewall.

    Code:
    netsh advfirewall firewall add rule name="STOP TCP port 135 listening" protocol=TCP dir=in localport=135 action=block enable=yes
    I just get this when use command

    Code:
    netstat -n -a | findstr "LISTENING" | findstr ":135"
    Code:
      TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
      TCP    [::]:135               [::]:0                 LISTENING
     
  11. bear_aussie

    bear_aussie MDL Member

    Jun 8, 2015
    125
    62
    10
    Code:
    STOP TCP port 135 listening
    wf wont stop the port listening
    it will stop the port being connected 2
    ie after doing ur cmd try telnetting 2 port 135 from another computer
    spoiler: it wont connect :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. DirtyAngelicaSecured

    DirtyAngelicaSecured MDL Junior Member

    Mar 30, 2020
    69
    9
    0
    Thanks! I am figuring out Windows 10 Firewall now. The non-Advanced portion of it still makes no sense because "Allowed Apps" are not necessarily allowed. It just means a rule exists for them, but that rule, in Advanced Settings, can be set to "blocked". Even if an App is set to Blocked, it can still be listed as allowed in simple settings Advanced Settings make sense and they work. In Advanced Settings, if I block either (or both) "Core Networking - DNS" or "Core Networking DHCP", Internet will not work.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. TairikuOkami

    TairikuOkami MDL Addicted

    Mar 15, 2014
    944
    820
    30
  14. dcybergeek

    dcybergeek MDL Novice

    Nov 12, 2018
    1
    0
    0
    TCP port 135 is not useful for most non-server computer.
     
  15. DirtyAngelicaSecured

    DirtyAngelicaSecured MDL Junior Member

    Mar 30, 2020
    69
    9
    0
    #15 DirtyAngelicaSecured, Jun 21, 2020
    Last edited: Jun 23, 2020
    (OP)
    I think I will need to relearn everything once I get my Sophos hardware firewall and replace my iPhone with Ncryptcellular secure phone.

    I think I will also need to stop using Comcast for broadband ISP and stop using AT&T for cellular ISP because both of them refuse to accept the new decentralized offshore cryptocurrencies.

    Then I can host my own files via Nextcloud without having to rely on Apple's services and having them be yet another MITM party, but maybe that is when port 135 will become of significance.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. mahesh57556

    mahesh57556 MDL Novice

    Jun 24, 2020
    3
    0
    0
    I don't know butl ocal port 135 is not very important.

    port 135 is used in client/server applications (might be on a single machine) such as Exchange clients, the recently exploited messenger service, as well as other Windows NT/2K/XP software