[Windows Security Configuration] How to close ports 135 and 139?


I. Creating an IP Filter and Filter Action

1. Open "Start" -> "Programs" -> "Administrative Tools" -> "Local Security Policy". Microsoft recommends using Local Security Policy to configure IPsec, because a local security policy applies only to the local computer and IPsec settings are usually tailored to an individual computer.

2. Right-click "IP Security Policies on Local Machine" and select "Manage IP filter lists and filter actions" to open the management dialog. An IP filter and its associated filter action must exist before the corresponding IPsec security policy can be created.

3. On the Manage IP Filter Lists tab, click the "Add" button to create a new IP filter:
   1) In the IP Filter List dialog box, enter a suitable name; we use "TCP135" here. The description can be anything. Click the "Add ..." button on the right to start the IP Filter Wizard.
   2) Skip the welcome page. Next.
   3) On the IP Traffic Source page, select "Any IP Address" as the source, because we want to block incoming access. Next.
   4) On the IP Traffic Destination page, select "My IP Address". Next.
   5) On the IP Protocol Type page, select TCP. Next.
   6) On the IP Protocol Port page, select "This port" and set it to "135"; leave the other settings unchanged. Next.
   7) Finish. Close the IP Filter List dialog box. The TCP135 IP filter now appears in the list of IP filter lists.

4. Select the Manage Filter Actions tab and create a blocking action:
   1) Click the "Add" button to start the Filter Action Wizard. Skip the welcome page. Next.
   2) On the Filter Action Name page, enter the name "Reject". Next.
   3) On the filter action options page, set the behavior to "Block". Next.
   4) Finish.

5. Close the "Manage IP filter lists and filter actions" dialog box.

II. Creating an IP Security Policy

1. Right-click "IP Security Policies on Local Machine" and select "Create IP Security Policy" to start the IP Security Policy Wizard. Skip the welcome page. Next.

2. On the IP Security Policy Name page, enter a suitable policy name; here we use "Deny to TCP135 Port", but any name will do. Next.

3. On the Requests for Secure Communication page, do not select "Activate the default response rule". Next.

4. On the completion page, select "Edit properties". Finish.

5. Configure the policy in the "Deny to TCP135 Port" Properties dialog box. First set up the rule:
   1) Click the "Add ..." button at the bottom to start the Security Rule Wizard. Skip the welcome page. Next.
   2) On the Tunnel Endpoint page, keep the default "This rule does not specify a tunnel". Next.
   3) On the Network Type page, keep the default "All network connections". Next.
   4) On the Authentication Method page, keep the default "Windows 2000 default (Kerberos V5 protocol)".
   5) On the IP Filter List page, select the "TCP135" filter we just created. Next.
   6) On the Filter Action page, select the "Reject" action we just created. Next.
   7) On the completion page, do not select "Edit properties". Click OK.

6. Close the "Deny to TCP135 Port" Properties dialog box.

III. Assigning and Applying the IPsec Security Policy

1. By default, no IPsec security policy is assigned, so the newly created policy must be assigned first. In the Local Security Policy MMC, right-click the "Deny to TCP135 Port" security policy we just created and select "Assign".

2. Refresh the group policy immediately with the "SECEDIT /REFRESHPOLICY MACHINE_POLICY" command.

Port 139

Port 139 can be closed using the same method.
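The same procedure can be scripted. The batch file below is an added example, not part of the original article; it assumes a Windows version that provides the `netsh ipsec static` context (Windows Server 2003 and later) and an administrator command prompt. The names "TCP135", "Reject" and "Deny to TCP135 Port" come from the walkthrough; "TCP139", "Block TCP135" and "Block TCP139" are names chosen here. Port 139 is added as a second rule in the same policy because a computer can have only one IPsec policy assigned at a time.

```bat
@echo off
rem Added example: command-line equivalent of sections I-III above.
rem Assumption: "netsh ipsec static" is available (Windows Server 2003 or later)
rem and the prompt is running with administrator rights.
setlocal
set "POLICY=Deny to TCP135 Port"

rem --- I. Filter lists and filter action ---------------------------------
rem Inbound traffic only: any source address -> this computer, TCP,
rem any source port (0), fixed destination port.
netsh ipsec static add filterlist name="TCP135"
netsh ipsec static add filter filterlist="TCP135" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=135

rem "TCP139" is a name chosen for this example (the article only names TCP135).
netsh ipsec static add filterlist name="TCP139"
netsh ipsec static add filter filterlist="TCP139" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=139

rem The blocking action, named "Reject" as in the walkthrough.
netsh ipsec static add filteraction name="Reject" action=block

rem --- II. Policy and rules ----------------------------------------------
rem Default response rule stays off, matching step II.3.
netsh ipsec static add policy name="%POLICY%" activatedefaultrule=no

rem One rule per filter list; the rule names are chosen for this example.
netsh ipsec static add rule name="Block TCP135" policy="%POLICY%" filterlist="TCP135" filteraction="Reject"
netsh ipsec static add rule name="Block TCP139" policy="%POLICY%" filterlist="TCP139" filteraction="Reject"

rem --- III. Assign the policy --------------------------------------------
rem Assigning this policy unassigns any other locally assigned IPsec policy.
netsh ipsec static set policy name="%POLICY%" assign=y

rem --- Verification ------------------------------------------------------
rem Confirm the policy is assigned and lists both rules.
netsh ipsec static show policy name="%POLICY%" level=verbose

rem The services keep listening locally; the filter drops inbound packets
rem before they reach them. LISTENING entries here are therefore expected,
rem and the block itself has to be confirmed from another host.
netstat -an | findstr /c:":135 " /c:":139 "
endlocal
```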

Port 135 is mainly used by the RPC (Remote Procedure Call) protocol and to provide the DCOM (Distributed Component Object Model) service. RPC ensures that a program running on one computer can smoothly execute code on a remote computer. Using DCOM, programs can communicate directly across the network over multiple network transports, including HTTP.

Port Vulnerability: Many Windows 2000 and Windows XP users have probably been hit by the "Shock Wave" (Blaster) virus, which uses an RPC vulnerability to attack computers. RPC has a vulnerability in the part that handles message exchange over TCP/IP, caused by incorrect handling of malformed messages. The vulnerability affects an interface between RPC and DCOM, and that interface listens on port 135.

Port 139 is provided for the "NetBIOS Session Service", which is mainly used for Windows file and printer sharing and for Samba on UNIX. This service must be enabled in Windows to share files on a LAN. For example, in Windows 98, open the Control Panel, double-click the Network icon, and on the Configuration tab click the "File and Print Sharing" button and select the corresponding settings to install the service. In Windows 2000/XP, open the Control Panel, double-click the Network Connections icon, and open the properties of your local connection; on the "General" tab of the Properties window, select Internet Protocol (TCP/IP) and click the Properties button; in the window that opens, click the Advanced button; then select the WINS tab in the Advanced TCP/IP Settings window and enable NetBIOS over TCP/IP in the NetBIOS settings area.

Port Vulnerability: Although an open port 139 provides sharing services, it is often abused by attackers. Port scanning tools such as Fluxay and SuperScan can scan a target computer's port 139. If a vulnerability is found, the attacker can try to obtain the username and password, which is very dangerous.
