How to block port 135 on NT4 workstation

[hughsie99]

Hi Folks
Following the recent Blaster/Welchia worm attacks I want to stop NT workstations listening on port 135. We have external firewall blocking, but the attack came from within.

I have Netbios disabled in the Protocol bindings, and have also unchecked LMHosts lookups, but netstat - a still shows TCP port 135 listening.

Have turned off Netbios Helper Service.
Microsoft Networking is not installed, and the only protocols in use are IP and IPX

Any suggestions on what I'm missing.
Thanks
Tony

 

[PAndersen]

Maybe you can do it from Control Panel >Network > Protocols > TCP/IP > Advanced > Security Configure .

 

[wolluf]

You'll need a port blocking app or firewall on each NT workstation to do this (port blocker from

http://www.analogx.com?

- though I use this & it baulks at blockiong 135-9). But, assuming you've install the M$ patch and/or you've bloced port 135 externally and removed all instances of the worm internally you should be ok?

 

[wolluf]

PS - M$ patch here

http://www.microsoft.com/downloads/...4E-217E-4FA7-BDBF-DF77A0B9303F&displaylang=en

 

[hughsie99]

Thanks guys, I appreciate your help.

Hughsie

 

[jrbarnett]

If you don't need the Microsoft networking you can disable the computer browser and server services which will close port 135 (but this will also disable microsoft networking)

John