How to close in XP does not need unsafe port

By default, windows has many ports open. When you are online, network viruses and hackers can connect to your computer through these ports. So should be closed There are mainly tcp 135, 139, 445, 593, 1025 ports and udp135, 137, 138, 445 ports, some popular virus backdoor ports, such as tcp 2745, 3127, 6129 ports, and remote service access port 3389. The following describes how to manually in xp/2k/2003 Close these network ports. 1. Click "Start Menu/Settings/Control Panel/Administrative Tools", double-click to open "Local Policies", select "ip security policy, right click on the blank location on the right side of the local computer" Mouse, talk about the shortcut menu, select "create ip security policy", pop-up wizard. Click Next in the wizard, when the "secure communication request" screen is displayed, activate "activate the default corresponding rule" Remove the hook on the left and click "Complete" to create a new ip security policy. 2. Right-click on the ip security policy and in the "Properties" dialog box, use " Remove the hook on the left side of the wizard " then click the "Add" button on the right to add a new rule, then pop up the "New Rule Properties" dialog box, click on the "Add" button on the screen to pop up Ip filter list window. In the list, first remove the "Use Add Wizard" left hook, then click the "Add" button on the right to add a new filter. 3, Go to "Filter Properties 'Dialog box, the first thing to see is the address, the source address is selected "any ip address", the target address is selected "my ip address", click "protocol" tab, in "select protocol type In the " drop-down list, select “tcp", then type "135" in the text box under "to this port", click OK. This adds a filter that blocks the tcp135 port, which prevents it. The outside world is connected to your computer through port 135. Click OK to return to the filter list dialog box, you can see that a policy has been added. Repeat the above steps to continue adding tcp 137 139 445 593 port and udp 135 139 445 port, For it We create the corresponding filter. Repeat the above steps to add the tcp 125 2745 3127 6129 3389 port shielding policy, set up the filter for the above port, and finally click the OK button. 4, in the "New Rule Properties" dialog box , select "New ip filter list' and click on the checkbox to the left to indicate that it has been activated. Finally click on the "Filter action" tab, remove "Use Add Wizard" on the left hook to remove it, click "Add" button, "Block" action, in the "Security" tab of the "New Filter Action Properties", select "Block", then click "OK" 5. Go to the "New Rule Properties" dialog box, click "New Filter Action"., select the check box to the left to indicate that it has been activated, click the "Close" button to close the dialog box. Finally " The new ip security policy attribute " dialog box, check the left side of the "new ip filter list", press OK to close the dialog box. In the "Local Security Policy" window, right click on the newly added ip Security policy, then select &q Uot; Assign ". After rebooting, the above port can be closed! The computer is much safe!!! How to close the port? Each service corresponds to the corresponding port. For example, the well-known WWW service port is 80, smtp is 25, and ftp is 21. The default is to open these services in win2000 installation. It is really unnecessary for individual users. Turning off the port means turning off useless services. “Control Panel" Administrative Tools""Service” in the configuration. 1. Close port 7.9 and so on: Close SimpleTCP/IPService and support the following TCP/IP services: CharacterGenerator, Daytime, Discard, Echo, and QuoteoftheDay. 2. Turn off port 80: Turn off the WWW service. The name ""WorldWideWebPublishingService" is displayed in "Service", providing web connection and management through the management unit of Internet Information Services. 3. Turn off port 25: Turn off the SimpleMailTransportProtocol (SMTP) service, which provides the ability to send email across the network. 4. Turn off port 21: Close the FTPPublishingService, which provides the service to provide FTP connection and management through the management unit of the Internet information service. 5. Turn off port 23: Turn off the Telnet service, which allows remote users to log in to the system and run the console program using the command line. 6. Another important thing is to turn off the server service, which provides RPC support, file, print, and named pipe sharing. Turning it off turns off Win2k's default share, such as ipc$, c$, admin$, etc. This service shutdown does not affect your shared operations. 7, there is one is 139 port, 139 port is NetBIOSSession port, used for file and print sharing, note that the Unix machine running samba also open 139 port, the same function. In the past, Streamer 2000 was used to judge the host type of the other party is not accurate. It is estimated that the port 139 is open and considered to be an NT machine. Now it is good. To close the 139 listening method, select "Internet Protocol (TCP/IP)" attribute in "Network and Dial-up Connection" in the "Local Area Connection", enter "<quo;Advanced TCP/IP Settings" " WINS "Settings" has a "NETBIOS" for disabling TCP/IP, and ticked off port 139. For individual users, you can set it to “disable” in each service property setting to avoid restarting the service next time, and the port is also open. We generally use some powerful anti-blackware and firewall to ensure our system security, but some users do not have the above conditions. How to do it? Here's a simple way to do it —— to help prevent illegal intrusions by limiting ports. The way to illegally invade In a nutshell, the way of illegal intrusion can be roughly divided into four types: 1. Scan the port and attack the host through a known system bug. 2, planting a Trojan, using the back door opened by the Trojan to enter the host. 3. Using data overflow means to force the host to provide the back door to enter the host. 4. Use some software designed vulnerabilities to directly or indirectly control the host.