FAQ: One of the questions thrown at me was about closing down port 135. This of course entails disabling the corresponding application using the port, which, in this case is DCOM. Thus this procedure is also for disabling DCOM.
NOTE: Remember, before making any changes backup the registry or export the branch for safekeeping. Simply merge the backup in case things don't go as smoothly.
[1] Start by launching the registry editor.
Start » Run » regedit.
[2] Navigate over to key: HKEY_LOCAL_MACHINE \ Software \ Microsoft \ OLE
At the right column, locate the value "EnableDCOM" and modify the value to "N".
[3] Navigate to this registry key: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RPC
Right click on & Modify the value named "DCOM Protocols" Under the key "Value Data", you will see values like below (or something similar). These values keep port 135 open. Highlight everything listed and delete all existing data. Doing so gives "DCOM Protocols" blank data which will in turn close down port 135.
[4] It is now safe to disable the services related or tied to DCOM. Open Control Panel » Administrative Tools » Services. Disable the following services since DCOM has been disabled:
- COM+ Event System
- COM+ System Application
- System Event Notification
[5] Restart the computer after changes have been made. To verify, when your computer has restarted open a command terminal.
Type "netstat -an" and for certain you will no longer see port 135 -- meaning it has been closed. Hope this has helped you in finally closing down port 135, thereby eliminating a possible vulnerability.
In my experience, this has no impact on office applications or internet connectivity. If running other applications, consult with the vendor for requirements relating to port 135 (or DCOM) before closing it down.
Check with us again soon as we will outline how to close down port 137 (netbios-ns), port 138 (netbios-dgm) and port 139 (netbios-ssn).
