How to stop listening at Port 135?
I have the same question.
TCP port 135 is shared by DCOM (based on RPC) and raw RPC server components as a public entrance to the TCP/UDP/named pipe transport layer which is chosen by each DCOM/raw RPC server component, so it's not as simple as "disabling DCOM on this computer" will stop port 135.
Currently, I disable port 135 by adding a firewall rule (disable 135) manually:
netsh advfirewall firewall add rule name="stop listening at TCP port 135" protocol=TCP dir=in localport=135 action=block enable=yes
Having tested RPC port 135 via tools (rpcdump.py from the impacket open source project, and some other related things),
I have confirmed something about TCP port 135:
- Anyone can connect to TCP port 135 and then get the RPC interfaces list without any permission.
- Further usage of such RPC interfaces requires authentication; I have not figured out how authentication works on TCP port 135.
- Disabling TCP port 135 will NOT affect SMB (Windows File Sharing etc.; you can still use psexec/mmc/registry from a client machine to access this machine, because they all call RPC via SMB (TCP port 445)).
- Disabling TCP port 135 will NOT affect local DCOM/raw RPC server components because they do not need the network.
- Disabling TCP port 135 will only affect client machines which directly use DCOM remote activation (e.g. VB CreateObject("Excel.Application", RemoteMachine)), or raw RPC binding on RemoteMachine (e.g. some old-style internal Windows management services).
The conclusion is that TCP port 135 is not useful for most non-server computers.
For server computers, I have not tested too much; it seems something like the "DFS Management" service automatically added a firewall rule to enable the port.
Some external references:
Sika Shrestha
Updated on September 18, 2022
Comments
-
Sika Shrestha over 1 year
I am learning socket programming (TCP server) on Windows 7, but an error message that keeps coming is:
port 135 is in use.
I can see port 135 listening through netstat. So, I want to stop port 135 to make the TCP server program run. I have done the following things.
Navigate over to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
At the right column, locate the value EnableDCOM and modify the value to N.
Navigate to this registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC
Right click on & Modify the value named DCOM Protocols. Under the key Value Data, you will see values like below (or something similar). These values keep Port 135 open. Highlight everything listed and delete all existing data, thus disabling the DCOM service through dcomcnfg.
But the Port 135 is still listening. How do I stop listening on that port?
I found the instructions here:
http://www.pimp-my-rig.com/2008/10/faq-disable-port-135-disable-dcom.html#sthash.Bt1qMvEf.dpuf
-
Sika Shrestha over 10 years
Actually I am trying socket programming (TCP server), but the error is coming as port 135 is in use, and I can see port 135 listening through netstat. So, I want to stop port 135 to make the TCP server program run.
-
David Schwartz over 10 years
Change your program to use an unprivileged port (greater than or equal to 1,024).
-
Ron Maupin over 8 years
Port 135 is already officially registered. You should use unregistered ports. IANA maintains the Service Name and Transport Protocol Port Number Registry. You take your chances when using a registered port.
-
HackSlash about 6 years
Is this a question or an answer?
-
osexp2003 about 6 years
@HackSlash It is an answer. I could not "stop listening at port 135" because many processes depend on it under the ground, and the system would not let you stop the RPC service. So I chose an alternative way: disable incoming requests to port 135.
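
An added example, not part of the original thread: a PowerShell audit of what the firewall rule from the answer changes, showing that the listener on TCP 135 stays in place while inbound reachability is decided by the firewall rules. It assumes Windows 8 / Server 2012 or later (NetTCPIP and NetSecurity modules) and an elevated session; the variable names are illustrative.

```powershell
# Added example (not from the thread). Assumes Windows 8 / Server 2012 or later
# (NetTCPIP and NetSecurity modules) and an elevated PowerShell session.
$port = 135

# 1. The listener: the socket stays open after a block rule is added, so
#    netstat keeps showing LISTENING. Map the owning PID to its services.
$listeners = @(Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)
foreach ($l in $listeners) {
    $services = @(Get-CimInstance Win32_Service -Filter "ProcessId = $($l.OwningProcess)")
    [pscustomobject]@{
        LocalAddress = $l.LocalAddress
        OwningPid    = $l.OwningProcess
        Services     = ($services.Name -join ', ')
    }
}

# 2. Enabled inbound rules whose port filter names TCP 135. Built-in rules
#    usually use the keyword RPCEPMap instead of the number. Port ranges and
#    "Any" are not matched by this simple check.
$rules = @(Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" -or $_.LocalPort -contains 'RPCEPMap' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' })

$block = @($rules | Where-Object { $_.Action -eq 'Block' })
$allow = @($rules | Where-Object { $_.Action -eq 'Allow' })

# 3. Verdict. In Windows Firewall a block rule takes precedence over allow rules.
if ($block.Count -gt 0) {
    $exposure = 'blocked inbound'
} elseif ($allow.Count -gt 0) {
    $exposure = 'allowed inbound'
} else {
    $exposure = 'depends on the default inbound policy'
}

[pscustomobject]@{
    Listening      = ($listeners.Count -gt 0)
    BlockRules     = ($block.DisplayName -join '; ')
    AllowRules     = ($allow.DisplayName -join '; ')
    RemoteExposure = $exposure
}
```

A result of `Listening = True` together with `RemoteExposure = blocked inbound` is the expected state after the netsh rule: the endpoint mapper still serves local clients, and allow rules added by server roles show up under `AllowRules`.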