Windows – How to disable these Windows-specific ports

ports, Security, windows 7

Let's see what ports are opened by which processes, taking those that are specific to Windows itself:

C:\Windows\system32>netstat -anb

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcEptMapper
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
 [wininit.exe]
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
  eventlog
 [svchost.exe]
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING
  Schedule
 [svchost.exe]
  TCP    0.0.0.0:1028           0.0.0.0:0              LISTENING
 [services.exe]
  TCP    0.0.0.0:1036           0.0.0.0:0              LISTENING
 [lsass.exe]

These ports are also open for the IPv6 address [::], which I believe means listen on any IPv6 address.

  • 135: Remote Procedure Calls: Why are these needed? I don't want to allow others to call something.

  • 445: NetBIOS/SMB: I'm not using this and have tried to disable this, but the port is still listening…

  • 1025: NFS or IIS: Perhaps SMB? Because my IIS-related services are disabled.

  • 1026: Remote Procedure Calls, DCOM: Kept open by the event log, same reason as 135.

  • 1027: IIS: But why does this port still show up when the IIS-related services have been disabled?

  • 1028: NFS or IIS: Same reason as 1025.

  • 1036: Nebula Secure Segment Transfer Protocol: What is this for? Seems a randomized port…

So, these are my questions:

  • I believe I don't need any of these ports; is there a way to disable them all?

  • If you believe a port shouldn't be disabled, can you explain to me why?

  • If you believe a service shouldn't be disabled, can you still explain to me how to disable the port?

  • I'm not asking for a firewall to block these ports; I want to literally disable them by registry settings.

Best Answer

Port 135: disable RPC service (under your Services page)

Port 445: disable NetBIOS in your network properties

Ports above 1024 - less of a worry

What is your risk profile here? You would want your edge router/firewall to block all these anyway, so is it just your internal network you are concerned about?
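
To make the question's inventory of listeners repeatable, the following added example (not part of the original question or answer) parses `netstat -anb` text in the layout shown above and lists the TCP listeners bound to every interface, with the owning service and executable. The sample input, including `example.exe`, `browser.exe` and the addresses in those rows, is constructed.

```python
import re

# Constructed sample in the `netstat -anb` layout shown in the question.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcEptMapper
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
 [example.exe]
  TCP    [::]:1026              [::]:0                 LISTENING
  eventlog
 [svchost.exe]
  TCP    192.168.1.10:49200     203.0.113.5:443        ESTABLISHED
 [browser.exe]
"""
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")
WILDCARD = {"0.0.0.0", "[::]"}  # bound to every IPv4 / IPv6 interface

def parse_netstat_anb(text):
    """Return one dict per connection row, with its owner lines attached."""
    rows, current = [], None
    for line in text.splitlines():
        s = line.strip()
        m = ROW.match(line)
        if m:
            proto, addr, port, _foreign, state = m.groups()
            current = {"proto": proto, "addr": addr, "port": int(port),
                       "state": state or "", "service": None, "process": None}
            rows.append(current)
        elif current is None or not s:
            continue                        # banner, column header, blank line
        elif s.startswith("[") and s.endswith("]"):
            current["process"] = s[1:-1]    # owning executable
        elif s.lower().startswith("can not obtain"):
            current["process"] = "unknown"  # netstat could not name the owner
        else:
            current["service"] = s          # service hosted inside the process
    return rows

def exposed_listeners(rows):
    """Listeners reachable on every interface, not only loopback."""
    return [r for r in rows if r["state"] == "LISTENING" and r["addr"] in WILDCARD]

if __name__ == "__main__":
    for r in exposed_listeners(parse_netstat_anb(SAMPLE)):
        print(r["port"], r["addr"], r["service"] or "-", r["process"])
```
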
