How to stop these pesty attempts to penetrate ports 135,137 and 445

closing ports 135 137 445 and shut down nbname using regedit

These are problem ports which Windows left open by default. Simply blocking these ports using the
Fire wall does not HIDE these ports and you will be pinged. There are many who have nothing better to
do than trying to attack your PC if these ports are visible. At the least you may be the target of a DOS
attack. Again, a fire wall does not hide these ports from view, it only denies in or outbound traffic through
these ports. If there is what is called a “Syn” flood your browsing will eventually come to a standstill.
The best method is to shut down these ports altogether, using the windows registry:
Both ports 135 and 445 must be closed; if you just close one, Windows simply defaults to the other one.
You can do this if you are running your PC as a single Work station and not as part of an office network.
Closing port 135 and 445:
click “start”, “run”, type regedit and “ok”
In the left window navigate to:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
Then in the right pane find the key TransportBindName
double click this key and in the pop up delete whatever is there, giving it a blank value
Next in the left pane navigate to
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
in the right pane find the key: EnableDCOM
double click this key and change the Y to a N
This will make ports 135 and 445 STEALTH
If you also want to make port 137 Stealth then navigate back to
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
and locate the key: “NameServerPort” in the right pane. You will see, that
nbname is trying to use port 137. You can change this to 0…I simply deleted this
key “NameServerPort” altogether. Works just fine for me…using Windows XP
Next close regedit and reboot your computer. You will notice that your Fire wall
will no longer log any of these pesty attacks on these ports because your PC is
no longer an attractive target for crackers and hackers…because these ports
that interest them the most are now stealth. Try it out & confirm at sites that do port scans.
There are also some more nifty registry hacks that speed up your browsing, protect your privacy and
prevent some of the built in Spyware by Windows from uploading what is on your PC
when you are on a Microsoft web site with Java script enabled.
Also there are services that are running by default and should be disabled for secure
browsing, like Telnet, Remote Registry, Remote assistance and many more. I will post these if there is some
interest. As a footnote I wish to say, that I have installed and tried quite a few Fire walls.
None measured up to Comodo!
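The distinction this thread turns on, a port that is filtered by a firewall versus one that no process is bound to, can be checked on the machine itself. The following is an added example, not part of any post and not Comodo's code: it parses `netstat -ano` output and lists any socket still bound to ports 135, 137, 138, 139 or 445. The sample outputs and function names are constructed for illustration.

```python
"""Added example: list sockets still bound to the ports discussed in this thread."""
import subprocess
import sys

# Ports named in the thread and the service each normally belongs to.
WATCHED = {135: "RPC/DCOM endpoint mapper", 137: "NetBIOS name service",
           138: "NetBIOS datagram", 139: "NetBIOS session", 445: "SMB over TCP"}

# Constructed `netstat -ano` output for a default install (not a real capture).
SAMPLE_DEFAULT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1042      203.0.113.7:80         ESTABLISHED     2312
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    192.168.1.10:137       *:*                                    4
  UDP    192.168.1.10:138       *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    1180
"""

# Constructed output for the same host after the services were shut down.
SAMPLE_HARDENED = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1042      203.0.113.7:80         ESTABLISHED     2312
  UDP    127.0.0.1:1900         *:*                                    1180
"""


def parse_netstat(text):
    """Yield (proto, port, state, pid) for every TCP/UDP row in netstat -ano output."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        port = fields[1].rpartition(":")[2]  # works for 1.2.3.4:135 and [::]:135
        if fields[0] == "TCP" and len(fields) == 5:
            state, pid = fields[3], fields[4]
        elif fields[0] == "UDP" and len(fields) == 4:
            state, pid = "BOUND", fields[3]  # UDP rows have no State column
        else:
            continue  # truncated or unexpected row
        if port.isdigit() and pid.isdigit():
            yield fields[0], int(port), state, int(pid)


def bound_watched_ports(text):
    """Return sorted (proto, port, pid) for watched ports that still have a listener."""
    hits = {(proto, port, pid) for proto, port, state, pid in parse_netstat(text)
            if port in WATCHED and state in ("LISTENING", "BOUND")}
    return sorted(hits)


if __name__ == "__main__":
    if sys.platform == "win32":
        text = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    else:
        text = SAMPLE_DEFAULT  # fall back to the constructed sample off Windows
    for proto, port, pid in bound_watched_ports(text):
        print(f"{proto} {port} ({WATCHED[port]}) is still bound by PID {pid}")
```

An empty result means no process on the host is bound to those ports; a firewall that only drops the traffic leaves the rows in place.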

CFP3 happily stealths these ports for their users. Easiest way is to go to Stealth Ports Wizard and choose the option to stealth all your ports. If you want to be more specific to NetBios and related ports, you can use the attached rules. The first attachment is the application rules to use. The second is the ports that are stealthed by these rules, although you can choose others. Shields Up! will show these ports as stealthed. You can do a search on “NetBIOS” or “Stealth Ports” for further information.

[attachment deleted by admin]

I have blocked NetBios in my router’s firewall, so no traffic is allowed on these ports… I also got most services disabled, so there’s nothing that’s listening on any port.
But like sded said, CFP will stealth ALL ports, unless you decide to open one.

Cheers,
Ragwing

I think the point he’s making is that Comodo will not shut down the
processes that opened the ports in the first place.
Do you need netBIOS,DCOM etc etc ? Most likely not, so why not just disable them ?

Are you trying to insult me? :frowning:
Of course they’re disabled! I did that ages ago! :BNC

Doesn’t it depend on your situation?
I use port 445 to admin my router. My network won’t work properly without netbios.

You know ALL OF YOU GUYS above here are right!!!
But at the time I posted this I had NO WAY to really and comprehensively say what else I did. MY PC is TOTALLY invulnerable…I know, sounds hard to believe. But I have done some modifications at the hardware and BIOS level as well, NOT just what I posted here. To see it all please go to my website: http://askbernhard.9f.com/
There is the whole shebang!..Service settings, Firefox(3) soup ups and how I bored my bandwidth out to the max.
Be careful with that last one, on occasion when I “camp” on a web site too long they ban me for a while from the server, because my PC comes across like a cyber attack. Also no one can see my IP at all (with Java disabled)!
I get a laugh out of letting them scan me and all they get is my I-net Link provider who has thousands and thousands of subscribers in that IP range. Some like Firewall Test come back at me with a screen: “Unable to determine if IP such and such is a proxy, a router or a PC”…Imagine that!
But I did some rather scary Windows hack and wacks, often crashed it for good till I had it just right!
But then with the system I am running none of that matters. I just NUKE my entire drive and clone it back from my mother drive which comes on line only if I hit a special toggle switch I installed. Again on my web page I tell how You can do that too!
Thanks ALL YOU GUYS who replied to my post. Look me up and tell me what you think!
Don't worry, I can handle rejection...and also if you have any questions I would be happy to help out. If everyone's PC would be set up like this, a lot of these A$$#oles would have to quit writing this Malware garbage because it would be utterly futile.
Again, my sincerest Greetings to you ALL
Signed Bernhard

No, it can’t be. That would mean that it doesn’t exist. It means that NO ONE can hack it (local or remote), and that NOTHING can infect it (local or remote)…

Yes, they can. If you connect to someone, they’ll see your IP, as you’ll need one to connect to the Internet. Also, some servers might keep a log of IP addresses, so yours will be in there.
It’s possible to use a proxy or spoof it, to hide your real one, but it can be traced back to its original source.

Cheers,
Ragwing

yep a system totally invulnerable doesn't exist except if u coded your own system and your own apps, in this case, the lamer that wants to attack your system will be defeated by an unknown system as he knows nothing about it and u’re the only one that got the code.
but even in this case as you’re connected to the web, there’s always a danger,
u can reduce the danger by using good AV and good FW (comodo of course :slight_smile: )
i use superadblocker too to block almost 100%of Ads on any webpage, this is a good prog, but not freeware, anyway u can get a lifetime serial, what decided me to buy it.
no one can see your ip if u use some proxy but u’re always connected somewhere that logs your true ip or maybe u’re connected to some “open” pc to surf the web…
anyway as u’re connected somewhere with your ip there’s always a possibility to find u.
java disabled or not doesn't change anything about that, but it’s safer to have no java installed on a system, i had trouble once with some java code integrated on a webpage that contaminated my machine in no time, the lamer hacked a normally safe site to integrate a java code that installed a trojan, admins corrected the security failure but it was too late in my case. at this moment i didn't use an AV i thought i was safe just with a Firewall, what is not the case, so now no more java and FW+AV+anti Ads, and my system is more secure but there’s always someone that can break into any secured system. u can always use some router + some hardware firewall to improve security even more, but nothing is 100% safe for the moment.
with some new hardware cpu+mobo that will block malicious codes or some chipset that will control security maybe it will be more hot to hack machine or they can authorize access to the web for a machine that is confirmed safe and registered so people without a registered safe pc will not be able to connect the world network.
it’s restrictive and controlled so we can trace u if u do bad activities over the network, but in other case, i don’t know how to stop all this mess that never stops and uses bandwidth for nothing except to annoy people.
if u scan the world network u can find so many infected machines…
i used to think i was safe but now as i realize the hidden possibilities to attack systems and control them, i can’t tell if my machines are really safe, i hope so but i would not bet that i’m 100% secure.
how many security holes are known just by a minority of people and codes that travel and are not tagged as malwares yet.
i found 2 of them with defense+ comodo as AVs said there was no malicious code detected…
so people without defense+ that trust their AV and think they’re safe cause the AV is up to date are contaminated until the malware is detected by someone and tagged by the AVs.
but who can tell that defense+ is 100% safe, no one even if it’s the best solution facing an unknown app.
there’s always someone to turn around security progs and comodo is not safe at 100% but it’s the best solution i know, if it’s not 100%, it’s probably 90% or more, what is far better than any other security app.

i read that comodo cannot make ads about his FW as it’s a freeware, but i think sooner or later all will hear about this FW simply cause it’s the best prog u can use on windows systems, the fact that it’s freeware may be a brake about his usage cause people can think as it’s free, it’s not better than a shareware, what is just wrong, cause we have no FW that can touch the comodo FW level, it’s not a fanatic attitude, it’s just the actual reality.
this FW is a big problem for others security teams, it’s the best and it’s free.
and using netbios or not is not a problem if u got comodo installed.
port 135 is Not as easy to stop compared to port 137,138 and 139. if u stop netbios port 137,138 and 139 will not appear anymore but the port 135 needs some change in the registry to stop it. same for port 445.
some search in google will tell how to disable port 135 and 445.
there are the ports 1900(udp) and 5000(tcp) too named universal plug and pRay :slight_smile: , u can stop that just by disabling the right windows services. SSDP Discovery service and Universal plug and play can be disabled in admin tools/services. it’s easy to disable that and no one needs those services but it can be an eventual gate as worms that crashed a windows service on XP sp1 (lsass.exe) and shutdown the pc automatically, people just had to modify a rule, do nothing if the service is stopped instead of restart the computer,
lsass.exe is a process u cannot stop or u will not login into your windows session anymore so it was a damn security hole.
once i blocked a malicious dll locked to lsass.exe then as the process couldn't start the dll, i stayed out of my system with a black screen. lsass.exe didn't want to start cause of the locked malicious dll it couldn't load.
there was no way to recover from this prob as it was on the laptop and i had no hd case for laptop HD size,
with a hd case i could login my vista desktop and change the permissions of the dll so lsass.exe could start the dll and start to authorize myself to login my session.
each mode i tried to start vista resulted by a black screen.
so as a machine is impossible to secure at 100%, a backup app is a need to save your system every day so u can reload a system not contaminated very fast,
i knew the file was a malware with defense+ but i wanted to see what the file would do on the system and clean it, but a dll attached to a windows system file can’t be deleted. was an activeX that opened urls, i succeeded to clean the activity but impossible to delete the dll locked to lsass.exe, maybe unlocker could help, i didn't try, i just changed the permissions to block all activities of the dll. bad idea, i was locked out and nothing to help me to correct the prob.
so instead of trusting into your security, a backup is a better idea.
it can save u when u’re facing probs u didnt expect. if u cannot fix your system, the backup u did the day before will fix it for sure.
i prefer using acronis echo every day than trust my security pc level.
a backup app is the most secure solution for people.
what will u do if your security scheme is bypassed by a new malware? cry or backup your system every day ?
i prefer backup than lose all data cause i thought my pc was a fortress :slight_smile:
one day or an other anyone is caught by some malware, security experts would never just trust into their capacities to defeat any new danger, they install a system to backup all that is needed even with an extremely high network protection…cause they know that they don’t know what will happen tomorrow…

You have a point Sir, but I must stress that MY PC is NOT CONNECTED TO THE NET EVER!!!
Only the clone, the main system sits there POWER OFF, because I wired my PC to be truly DUAL.
That has NOTHING to do with backup & restore.
All I do is power up with the main system which has NO WAY to get infected, like how? and then simply
NUKE my clone without even looking at it!..not even the best root kit can do anything if the POWER IS OFF?
It is not as if a computer “virus” is like a biological virus. I should state here again that I repair a LOT of PCs and in order to be able to do so I deliberately download ANY PIECE OF MALWARE THAT I CAN FIND! Just to study it...with my clone of course. After I found out what I wanted to know the entire drive is nuked, I simply don't care what was on it. Should the drive be wrecked like some clever malware was able to do about 10 years ago, I don't care either. I have a whole stack of replacements on my shelves. You credit these idiots that write this ■■■■ with a lot more intelligence than they command in reality. Well Hollywood movies do instill that image, but do believe me there ARE people out there that CAN think circles around that ■■■■, but you will never hear from them or about them. Do you really think that say S.A.C. A.F.B in Thule Greenland can be hacked? It's rather the other way around Sir. You would be surprised if you had a chance to see what is really at CFS Alert near the north pole and that “Weather” station at the south pole.
Have you ever heard of NARUS? “Carnivore” “Magic Lantern” “Tringle Boy”.
Like I said it's rather the other way around and all this malware, spyware and so called “hacking” is just idiotic child play on the same level as vandalism or say putting razor blades into apples on Halloween.
Just how intelligent do you have to be for that? And I have absolutely no use for these kind of people.
It takes a lot more brains to fix a car, than f****ing it up, will you not agree?
Perhaps you would like to see my web site, I just put some stuff there and you may just find it useful. It is at:
http://askbernhard.9f.com/ .
But in closing I want to thank you again for the trouble you took and I will consider EVERY aspect of what you said there. My best regards
Signed
Bernhard

I’m afraid you’re wrong. If you’re on a dual boot system, you can login to the other one, and you’ll be able to delete the .dll (will work even if you use Linux as the other OS, you’ll have to do some configuration tho).
Also, there’s a utility in 2000, XP and Server 2003 called Recovery Console, which you run from the installation CD, that can remove those .dll-files, as it’s not used by the system.

Cheers,
Ragwing

no the laptop got one HD with vista and the dll was locked by lsass.exe, the malware associated it to this windows system file so i had no rights to delete it.
the dll was used by the system cause when i changed the permissions of the dll to block all activities, when i rebooted as lsass.exe couldn't load the dll i stayed with a black screen. so the dll was used by the system and that’s why i stayed with a black screen cause lsass.exe couldn't load this dll.
the console mode didn't work either.
anyway all modes on the vista start menu didn't work, i had the same black screen with all login options.

Thanks for your comment Ragwing:
You ARE right, but I do NOT use a simple dual boot. You can NOT log on my other system UNLESS you first shut my PC down first, then throw the toggle switch I installed and supply the +12 Vdc to power up my HDD0 which is
my Main system. When I am surfing This drive is DISCONNECTED the same way as it would be if you unplug all
the cables and put it on a shelf. I am sure you would have known that, but I guess I should have made that more
clear on my web site http://askbernhard.9f.com/ . Apparently I made the mistake to put that description
too far down the bottom of my front page. If you click on that link which leads to my Hardware modifications, that's where it is!..... I run a "full deck" 3 Hard drives, 1 CD and USB drives. So my "Surfer" is HDD1, but when my switch cuts the power at HDD0 and I boot up BIOS thinks HDD1 =HDD0 and then assigns the drive letter C:\ to that. I can look all I want and of course even I can't find my REAL HDD0 which is my MAIN, because it has been for all intents and purposes uninstalled!
Of course Ragwing, if you have a large enough USB flash drive you don't even need to do all these hardware modifications. You can just use XXCLONE to make that a boot up drive, then in BIOS declare that as the first in your boot sequence. Now after you unplug it and go surfing with YOUR! HDD0, there is NO WAY anybody can hurt your main PC op system which is in your pocket, residing on your flash drive. If your PC gets trashed or infected just plug in your USB flash, boot up, then without!!!!! even looking at ANY FILES on your HDD0, JUST IN CASE there is something bad in the root sector, (quick) format to nuke EVERYTHING then run XXCLONE, I put a link on my site where to get that (free!), and clone your operating system back from your USB stick. In under 10 minutes you have a brand new machine CLEAN AS A WHISTLE. As You know most of the best Anti this anti that software takes way longer just to scan your PC. And then how can you be sure that it got EVERYTHING?..... No I like the all American way better: "Nuke the ba$■■■■$, and then rebuild"....hey it worked well when they did it to us Germans. They did not nuke us, but wiped out every ■■■■ we had and now my home country Germany is not too bad! If you are an American, my generation (45) is still very appreciative what your dads did! I'd hate to live in the kind of country it would otherwise have been. So do like your dad and “Carpet bomb” your surfer drive, then reclone.
I have set up about ~ 60 to 70 PCs that came through my repair shop this way and never ever had a problem with them…Even though they are in households where kids go back to KAZAA and stuff like that.
When dad gets fed up, he simply does what I showed him when I gave him his PC back.

Wouldn’t something like “deepfreeze” be easier?

Please do tell me what “deepfreeze” is. I'm trying out anything and everything I come across. I'm what you call a trial software ■■■■■■. But I really don't need anything like that for my own use. Once a week just like you would defrag yours, I just nuke my whole PC with all the critters that may be on it and reclone the whole thing.
Takes me less than 10 minutes. I've been going like that for many years and have toyed around with every bit of ■■■■ ware I could find.
But yes, I also would like to study that “deepfreeze”, if you find it useful, then it does interest me!
Signed Bernhard
http://askbernhard.9f.com/ Check out what I just put there, you might just like it

You can find information about Deep Freeze here:

You might also be interested in Returnil or DiskShield (BETA) by Comodo.

However, there’s a small amount of malware that’s able to bypass this kind of protection.

Cheers,
Ragwing

No further comments.

Hey Thanks, I'll check that out with one of my shop PCs
By the way, my web page was REALLY hard to put together, since where I live we had one
power outage after another one.
It's somewhat better now and some of the new stuff might interest you, if you are a “hands on guy” and not afraid of doing some surgery. Like I did with an old W98 PC. I converted it into a hot damn Burglar alarm system and last year it saved me from losing all my possessions. I did have ADT before and most of my worthwhile stuff and the burglars were long gone before the cops showed up. So I decided to make something better and it cost me only about 30 bucks. It's on my web site http://askbernhard.9f.com/ and the page link is right on top.
Just do me one favor: these links that say to click on for “experts” that already know everything are NOT MEANT for somebody like you, but I guess you do know the kind of guys I mean.
If however you have a good sense of humor, then be my guest. Thanks again for the info I shall give that a try
Signed
Bernhard