How to stop listening at Port 135?


I have the same question.

TCP port 135 is shared by DCOM (based on RPC) and Raw RPC server components as the public entrance to the TCP/UDP/NamedPipe transport layer which is chosen by each DCOM/Raw RPC server component, so it's not as simple as "disabling DCOM on this computer" will stop port 135.

Currently, I disable port 135 by manually adding a firewall rule (disable 135):

    netsh advfirewall firewall add rule name="stop listening at TCP port 135" protocol=TCP dir=in localport=135 action=block enable=yes

Having tested RPC port 135 via tools (rpcdump.py from the impacket open source project, and some other related things),
I have confirmed a few things about TCP port 135:

  1. Anyone can connect to TCP port 135 and then get the list of RPC interfaces without any permission.
  2. Further usage of such RPC interfaces requires authentication; I have not figured out how authentication works on TCP port 135.
  3. Disabling TCP port 135 will NOT affect SMB (Windows File Sharing etc.). You can still use psexec/mmc/registry from a client machine to access this machine, because they all call RPC via SMB (TCP port 445).
  4. Disabling TCP port 135 will NOT affect local DCOM/Raw RPC server components because they do not need the network.
  5. Disabling TCP port 135 will only affect some client machines which directly use DCOM remote activation (i.e. VB CreateObject("Excel.Application", RemoteMachine)), or raw RPC binding on RemoteMachine (i.e. some old-style Windows internal management services).

The conclusion is that TCP port 135 is not useful for most non-server computers.

For server computers, I have not tested too much; it seems that something like the "DFS Management" service automatically added a firewall rule to enable the port.

Some external references:
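To check that the block rule from the answer is in place, and to spot allow rules for the same port like the one the answer saw on a server, the saved output of `netsh advfirewall firewall show rule name=all` can be audited offline. This is an added example, not code from the answer: it assumes English-locale output, the sample rules (trimmed to the fields used) and the function names are constructed, and `RPC-EPMap` is the netsh keyword for the endpoint mapper port.

```python
import re

# Constructed sample of `netsh advfirewall firewall show rule name=all` output (trimmed).
SAMPLE = """\
Rule Name:                            stop listening at TCP port 135
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            135
Action:                               Block

Rule Name:                            Example management rule (constructed)
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            RPC-EPMap
Action:                               Allow
"""

def parse_rules(text):
    """Split netsh output into one dict of fields per rule."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"([A-Za-z ]+):\s*(.*)$", line)
        if m and m.group(1) == "Rule Name":
            rules.append({})
        if m and rules:
            rules[-1][m.group(1)] = m.group(2).strip()
    return rules

def covers_port(spec, port=135):
    """True if a LocalPort value (list, range or keyword) includes the port."""
    for part in (p.strip() for p in spec.lower().split(",")):
        lo, _, hi = part.partition("-")
        if part == "any" or (part == "rpc-epmap" and port == 135):
            return True
        if lo.isdigit() and (hi or lo).isdigit() and int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit_inbound_tcp(text, port=135):
    """Enabled inbound (block, allow) rule names covering the port; profiles/IP scope ignored."""
    block, allow = [], []
    for r in parse_rules(text):
        if (r.get("Enabled") == "Yes" and r.get("Direction") == "In"
                and r.get("Protocol") in ("TCP", "Any")
                and covers_port(r.get("LocalPort", "Any"), port)):
            (block if r.get("Action") == "Block" else allow).append(r["Rule Name"])
    return block, allow
```

In Windows Firewall an enabled block rule takes precedence over allow rules for the same traffic, so a non-empty first list means inbound TCP 135 is blocked even when the second list is not empty.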

Author: Sika Shrestha

Updated on September 18, 2022

Comments

  • Sika Shrestha
    Sika Shrestha over 1 year

    I am learning Socket Programming (TCP server) On Windows 7, but an error message that keeps coming is:

    port 135 is in use.

    I can see Port 135 listening through netstat. So, I want to stop port 135 to make the TCP server program run.

    I have done the following things.

    1. Navigate over to the key: HKEY_LOCAL_MACHINE\Software\Microsoft\OLE

    2. At the right column, locate the value EnableDCOM and modify the value to N.

    3. Navigate to this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC

    4. Right-click and modify the value named DCOM Protocols. Under the key Value Data, you will see values like below (or something similar). These values keep Port 135 open. Highlight everything listed and delete all existing data, thus disabling the DCOM service through dcomcnfg.

    But the Port 135 is still listening. How do I stop listening on that port?

    I found the instructions here:

    http://www.pimp-my-rig.com/2008/10/faq-disable-port-135-disable-dcom.html#sthash.Bt1qMvEf.dpuf

    • Sika Shrestha
      Sika Shrestha over 10 years
      Actually I am trying socket programming (TCP server) but the error is coming as port 135 is in use and I can see port 135 listening through netstat. So, I want to stop port 135 to make the TCP server program run.
    • David Schwartz
      David Schwartz over 10 years
      Change your program to use an unprivileged port (greater than or equal to 1,024).
    • Ron Maupin
      Ron Maupin over 8 years
      Port 135 is already officially registered. You should use unregistered ports. IANA maintains the Service Name and Transport Protocol Port Number Registry. You take your chances when using a registered port.
  • HackSlash
    HackSlash about 6 years
    Is this a question or an answer?
  • osexp2003
    osexp2003 about 6 years
    @HackSlash It is an answer. I could not "stop listening at port 135" because many processes depend on it under the ground, and the system would not let you stop the RPC service. So I chose an alternative way: disable incoming requests to port 135.