I found that Windows 98 likes to install the Client for Microsoft Networks feature whenever new network components are installed. I didn't like this, as it actually opens ports 135, 137, 138, 139, 445 etc. to provide peer-to-peer file sharing in a system called NetBIOS.
It's well known that this is, or can be, a security problem; the usual advice is to close all services you don't want to use. I don't use it anyway, as I can use FTP (i.e. vsftpd) for file sharing and lpd (i.e. printtool + LPRng) for printer sharing. Windows XP supports LPR out of the box, but Windows 98 requires a client such as ftp://ftp.dlink.com/Printserver/LPR/LPR_100.zip
This leaves the problem of removing it. If Windows has been freshly installed with an Ethernet adapter, NetBIOS can be removed by declining the request for a reboot, then going straight to the Network control panel and removing the client.
If the client has already been installed by a reboot, simply removing Client for Microsoft Networks may not close those ports. On removal, the OS may also complain that the network is not complete; simply continue. It's also necessary to remove the drivers and registry entries.
On Windows XP and beyond there is a built-in firewall. It is best to use that, as it protects the remote control features adequately and can always be enabled, even if a machine is part of a "domain".
Enable "file and print sharing" to the local LAN only if you need to do centralised login, but note that other machines there may compromise yours if there is a problem.
Alternatively it is possible to close all the ports, but it is preferable to use the built-in firewall. On a closed-down machine the listing below shows no connections at all:
```
C:\Documents and Settings\User>netstat -nao

Active Connections

  Proto  Local Address          Foreign Address        State           PID

C:\Documents and Settings\User>
```
We set up Windows XP Services like this. Don't enable anything not absolutely necessary; they've been seen to open ports other than the obvious ones.
Name | Startup Type |
---|---|
Application Layer Gateway Service | Manual |
Application Management | Manual |
Automatic Updates | Automatic |
Background Intelligent Transfer Service | Manual |
ClipBook | Manual |
COM+ Event System | Manual |
COM+ System Application | Manual |
Cryptographic Services | Manual |
DHCP Client | Automatic |
Distributed Link Tracking Client | Manual |
Distributed Transaction Coordinator | Manual |
DNS Client | Manual |
Error Reporting Service | Manual |
Event Log | Manual |
Fast User Switching Compatibility | Manual |
Fax | Manual |
FTP Publishing | Manual |
Help and Support | Manual |
Human Interface Device Access | Manual |
IIS Admin | Manual |
IMAPI CD-Burning COM Service | Manual |
Indexing Service | Manual |
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) | Manual |
IPSEC Services | Manual |
IPv6 Helper Service | Automatic |
IPv6 Internet Connection Firewall | Automatic |
Logical Disk Manager | Manual |
Logical Disk Manager Administrative Service | Manual |
Message Queuing | Manual |
Message Queuing Triggers | Manual |
MS Software Shadow Copy Provider | Manual |
NetMeeting Remote Desktop Sharing | Manual |
Network Connections | Manual |
Network DDE | Manual |
Network DDE DSDM | Manual |
Network Location Awareness (NLA) | Manual |
Peer Name Resolution Protocol | Manual |
Peer Networking | Manual |
Peer Networking Group Authentication | Manual |
Peer Networking Identity Manager | Manual |
Performance Logs and Alerts | Manual |
Plug and Play | Automatic |
Portable Media Serial Number Service | Manual |
Print Spooler | Manual |
Protected Storage | Manual |
QoS RSVP | Manual |
Remote Access Auto Connection Manager | Manual |
Remote Access Connection Manager | Manual |
Remote Desktop Help Session Manager | Manual |
Remote Procedure Call (RPC) | Automatic |
Remote Registry | Manual |
Removable Storage | Manual |
RIP Listener | Manual |
Routing and Remote Access | Disabled |
Secondary Logon | Manual |
Security Accounts Manager | Manual |
Shell Hardware Detection | Manual |
Simple Mail Transfer Protocol (SMTP) | Manual |
Simple TCP/IP Services | Manual |
Smart Card | Manual |
Smart Card Helper | Manual |
SNMP Service | Manual |
SNMP Trap Service | Manual |
SSDP Discovery Service | Disabled |
System Event Notification | Manual |
System Restore Service | Manual |
Task Scheduler | Manual |
TCP/IP NetBIOS Helper | Manual |
TCP/IP Print Server | Manual |
Telephony | Manual |
Telnet | Manual |
Terminal Services | Manual |
Themes | Automatic |
Uninterruptible Power Supply | Manual |
Universal Plug and Play Device Host | Manual |
Upload Manager | Manual |
Volume Shadow Copy | Manual |
WebClient | Manual |
Windows Audio | Automatic |
Windows Image Acquisition (WIA) | Manual |
Windows Installer | Manual |
Windows Management Instrumentation | Manual |
Windows Management Instrumentation Driver Extensions | Manual |
Windows Time | Manual |
Wireless Zero Configuration | Automatic |
WMI Performance Adapter | Manual |
World Wide Web Publishing | Manual |
I applied this patch to the registry to shut off NetBT etc.
```
Windows Registry Editor Version 5.00

; Turn DCOM off machine-wide
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"

; REG_MULTI_SZ (UTF-16LE, NUL-separated) decoding to: ncacn_spx, ncacn_nb_nb, ncacn_nb_ipx
; i.e. the TCP/IP protocol sequence (ncacn_ip_tcp) is left out of the DCOM list
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc]
"DCOM Protocols"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,73,00,70,00,78,00,\
  00,00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,6e,00,62,00,00,\
  00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,69,00,70,00,78,00,\
  00,00,00,00

; Clear the NetBT transport binding (the "shut off NetBT" part)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"=""
```
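The hex(7) value in a patch like this is a REG_MULTI_SZ: UTF-16LE text with a NUL after each string and a second NUL closing the list, which makes it hard to audit by eye before importing it. The following decoder is an added example, not part of the original notes; it re-parses the patch text above (with its line breaks restored), folds the backslash continuation lines, and decodes the value so you can confirm that only the SPX, NetBEUI and IPX sequences remain and that ncacn_ip_tcp (RPC over TCP/IP) is gone. The function names `parse_reg`, `dcom_protocols` and `tcp_dcom_removed` are mine.

```python
import re

# The registry patch from the notes, with the .reg line continuations restored.
REG_PATCH = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc]
"DCOM Protocols"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,73,00,70,00,78,00,\
  00,00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,6e,00,62,00,00,\
  00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,69,00,70,00,78,00,\
  00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"=""
'''

RPC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc"
VALUE_LINE = re.compile(r'^"([^"]+)"=(.*)$')


def _join_continuations(text):
    """Fold lines ending in a backslash into one logical line (the .reg
    convention for long hex values); leading whitespace of the next
    physical line is dropped."""
    return re.sub(r"\\\r?\n\s*", "", text)


def _hex_bytes(payload):
    """Turn '6e,00,63,...' into bytes."""
    return bytes(int(b, 16) for b in payload.split(",") if b)


def parse_reg(text):
    """Parse a 'Windows Registry Editor Version 5.00' file into a dict
    keyed by (key path, value name).  Quoted strings come back as str,
    hex(7) (REG_MULTI_SZ) as a list of str, other hex(...) types as
    bytes; anything else (dword:..., etc.) is left as its raw text."""
    entries, key = {}, None
    for line in _join_continuations(text).splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            entries[(key, name)] = raw[1:-1]
        elif raw.startswith("hex(7):"):
            data = _hex_bytes(raw[len("hex(7):"):])
            # UTF-16LE, one NUL per string, empty trailing pieces are the list terminator
            entries[(key, name)] = [s for s in data.decode("utf-16-le").split("\0") if s]
        elif raw.startswith("hex"):
            entries[(key, name)] = _hex_bytes(raw.split(":", 1)[1])
        else:
            entries[(key, name)] = raw
    return entries


def dcom_protocols(text):
    """The RPC protocol sequences the patch leaves available to DCOM."""
    return parse_reg(text).get((RPC_KEY, "DCOM Protocols"), [])


def tcp_dcom_removed(text):
    """True when the patch leaves no TCP/IP protocol sequence for DCOM."""
    return "ncacn_ip_tcp" not in dcom_protocols(text)


if __name__ == "__main__":
    print("DCOM protocols after patch:", dcom_protocols(REG_PATCH))
    print("TCP/IP removed from DCOM:", tcp_dcom_removed(REG_PATCH))
```

The same decoder works on any exported .reg file, so it can also be run against a fresh `regedit /e` export after the import to confirm the value actually took.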
Enter My Network Places and remove the Microsoft client and network services, thus disabling NetBIOS.
You may also want to install NetBEUI off the setup disk, so NetBIOS will bind to that instead of TCP/IP.
Enter Folder Options (in Windows Explorer) and switch off Simple File Sharing.
Get into Component Services in the Control Panel, branch down into My Computer properties, enter the MSDTC tab, then Security, and untick Network DTC and XA. Get into Default Properties, ensure DCOM is disabled, and in Default Protocols remove all DCOM protocols, especially TCP/IP.
Check netstat -nao again, and if you see open ports (having closed all windows, MSN Messenger etc.), use the PIDs to locate the tasks in "tasklist /svc" and in the Ctrl+Alt+Del Task Manager (you can view processes and enable a PID column); killing a task may close its port.
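Matching PIDs between `netstat -nao` and `tasklist /svc` by hand is tedious, so here is the check as a script. This is an added example, not part of the original notes: it parses the two command outputs and reports every socket still listening on the NetBIOS/SMB/RPC ports the notes single out (135, 137, 138, 139, 445), tagged with the process or service that owns the PID. `NETSTAT_SAMPLE` and `TASKLIST_SAMPLE` are constructed text in the XP output format (not captured from a real machine) so it runs offline; on a real box you would paste in the two captured outputs instead. The function names are mine.

```python
import re

# Ports the notes single out as opened by Client for Microsoft Networks,
# NetBT and RPC; a closed-down box should show none of them listening.
NETBIOS_PORTS = {135, 137, 138, 139, 445}

# Constructed sample in the format of `netstat -nao` on XP (not a real capture).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:3389      192.168.1.20:51234     ESTABLISHED     876
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.10:137       *:*                                    4
  UDP    192.168.1.10:138       *:*                                    4
"""

# Constructed sample in the format of `tasklist /svc` (not a real capture).
TASKLIST_SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
svchost.exe                   1012 RpcSs
svchost.exe                    876 TermService
"""

# UDP rows have no State column, so that group is optional.
NETSTAT_ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")
# Image name starts in column 0; header and '====' lines never match.
TASKLIST_ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(.+?)\s*$")


def parse_netstat(text):
    """Parse `netstat -nao` rows into (proto, local_ip, port, state, pid).

    State is None for UDP rows; port and pid are ints."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_ROW.match(line)
        if m:
            proto, ip, port, _foreign, state, pid = m.groups()
            rows.append((proto, ip, int(port), state, int(pid)))
    return rows


def parse_tasklist(text):
    """Map PID -> list of service names from `tasklist /svc` output.

    Long service lists wrap onto indented continuation lines, which are
    folded into the previous PID's entry."""
    owners, last_pid = {}, None
    for line in text.splitlines():
        m = TASKLIST_ROW.match(line)
        if m:
            last_pid = int(m.group(2))
            owners[last_pid] = [s.strip() for s in m.group(3).split(",") if s.strip()]
        elif line.startswith(" ") and line.strip() and last_pid is not None:
            owners[last_pid] += [s.strip() for s in line.split(",") if s.strip()]
    return owners


def netbios_exposure(netstat_text, tasklist_text):
    """Listening sockets on NETBIOS_PORTS as (proto, ip, port, pid, owner),
    sorted; owner is the comma-joined service list for that PID, or '?'
    when tasklist has no row for it."""
    owners = parse_tasklist(tasklist_text)
    findings = []
    for proto, ip, port, state, pid in parse_netstat(netstat_text):
        listening = proto == "UDP" or state == "LISTENING"
        if listening and port in NETBIOS_PORTS:
            findings.append((proto, ip, port, pid, ",".join(owners.get(pid, ["?"]))))
    return sorted(findings)


if __name__ == "__main__":
    for proto, ip, port, pid, owner in netbios_exposure(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{proto:<4} {ip}:{port:<5} pid={pid:<5} {owner}")
```

On the sample data this reports 135 held by the RpcSs svchost and 137/138/139/445 held by PID 4 (the System process, where the kernel-mode SMB and NetBT listeners live), which is exactly the case the notes warn about: killing a task won't help for PID 4, and the binding itself has to be removed. Against the clean listing earlier on the page the report is empty.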