While you can configure hardware or enable a firewall to “stealth” these ports (or block all traffic through these ports), this is not as secure as completely “shutting down” ports. Firewalls can be bypassed, especially in targeted attacks. Another reason to close these ports (especially port 445) is to close the potential Sandboxie tunnel.
If you say that only one NAT router and (or) Windows Firewall are “stealth”, all of these ports resist inbound connections. However, why are these ports likely to open when you are not using them. In addition, Sandboxie bypass is also related to outbound connection, so the best solution closes these ports.
With the attack on the SMB protocol through the ports that SMB uses, so the job to do is to close ports 445, 135, 137 and 139 it is more secure and avoid conflicts or other problems than using 3rd party applications, software, learn more about
The steps below apply to Windows XP, but you can also apply on Windows 2000, Vista, and Windows 7. Also before performing the steps, proceed to backup the Registry Editor to avoid bad cases occurring, such as a certain setting wrong or not working, …. Although some systems do not use these ports, on your system or some others can use them.
How to block want to Cry virus on Windows XP, closing ports 445, 135, 137, 139
Before performing the closing process, you need to reconfirm that these ports are opened on the system. To do this enter the following command into the Command Prompt window:
netstat-an
Close port 445
To disable port 445, follow the steps below:
Step 1: First open the Registry Editor window.
Step 2: On the Registry Editor window you navigate by key:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetBTParameters
Step 3: In the right pane, create a DWORD value (REG_DWORD).
Step 4: Name the DWORD value (REG_DWORD) SMBDeviceEnabled.
Step 5: Double-click SMBDeviceEnabled, and set the value in the Value data field to 0.
Finally, restart your computer to apply the change.
To check if ports are closed (disabled), open Comamnd Prompt then enter the command below:
netstat -an
Close (disable) port 135 (close DCOM)
Follow the steps below to close port 135 (close DCOM):
Note: Before performing the closing process, proceed to backup the Registry Editor to avoid bad situations from happening.
Step 1: Open the Registry Editor window by selecting Start =>Run . Type regedit in the Run window, and then press Enter
Step 2: On the Registry Editor window, navigate by key:
HKEY_LOCAL_MACHINE Software Microsoft OLE
In the right column, find the value named EnableDCOM and change the value of EnableDCOM to N
Step 3: Continue navigating by the key below:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRPC
Find, right-click, and edit the DCOM Protocols value under the Value Data pane. You should now see values as shown below (or similar).
These values keep port state 135 open. Select all the values listed in the Value data pane and delete them.
When the DCOM Protocols data is empty, port 135 closes.
Step 4: The next step is to close DCOM-related services. Open Control Panel =>Administrative Tools =>Services .
Close the following services:
– COM+ Event System
– COM+ System Application
– System Event Notification
Step 5: Restart your computer to apply the changes. To be sure, once again, after your computer has finished booting, open a Command Prompt window.
Enter the command below in the window and you will no longer see port 135, simply because it is closed.
netstat -an
Close ports 137, 138, and 139
Step 1: Right-click My Network Places and select Properties
Step 2: The screen will display a window containing all available network connections on your computer. Right-click Local Area Connection and select Properties
Step 3: Scroll down to find and select Internet Protocol (TCP/IP), then click Properties . Now the screen will display another window, like the one below:
Step 4: On the Internet Protocol (TCP/IP) Properties window, click Advanced . Next, access the WINS tab.
Step 5: Under NetBIOS setting, check Disable NetBIOS over TCP/IP, click OK to apply the change.
Finally, click OK to close the other windows.
Ports 137, 138, and 139 on your computer will be closed. If your computer uses multiple network cards (NICs), perform the same steps on each network card.
Now that there are no ports listed, you have completely prevented want to Cry on Windows XP, closing ports 445, 135, 137, 139. Your computer will become more secure, this is a useful way to prevent want to Cry for those of you using Windows XP.
There are many ways to handle WannaCry with each different operating system, if you use Windows 10, you can also refer to how to handle WannaCry using the method of the National Information Security Administration.
https://thuthuat.taimienphi.vn/cach-chan-virus-wanna-cry-tren-windows-xp-dong-cac-cong-445-135-137-139-23828n.aspx
For those of you who do not use Windows XP, please follow the