How to close port 445 on Windows 10. How to close tcp port

Suddenly, unusual activity was discovered, sites began to crash once a day for no apparent reason, and often even at night, when there were almost no visitors.

I wrote to the hoster, he replied that my traffic had increased. But where does it come from? According to my statistics, everything remained almost the same. But my hosting panel showed that huge traffic, measured in several megabits, often goes through my server!

Now on the screen it is normal, but it was thousands of times larger. Where does it come from? I ran the command to find out that they joined me there?

tcpdump -npi eth0 port domain

And this is what this command showed me:

08:06:28.927225 IP 46.8.19.20.33518 > 8.8.8.8.53: 31512+ A? torrents.empornium.me. (39) 08:06:28.948377 IP 8.8.8.8.53 > 46.8.19.20.33518: 31512 1/0/0 A 37.187.71.178 (55) 08:06:29.954971 IP 46.8.19.20.38343 > 8.8.8 .8. 53: 44472+ A? torrents.empornium.me. (39) 08:06:29.976711 IP 8.8.8.8.53 > 46.8.19.20.38343: 44472 1/0/0 A 37.187.71.178 (55) 08:06:29.977968 IP 46.8.19.20.38318 > 8.8.8 .8. 53: 15760+ A? torrents.empornium.me. (39) 08:06:29.977996 IP 46.8.19.20.38318 > 8.8.8.8.53: 24853+ AAAA? torrents.empornium.me. (39) 08:06:30.000435 IP 8.8.8.8.53 > 46.8.19.20.38318: 15760 1/0/0 A 37.187.71.178 (55)

As you can see, someone is downloading p@rno torrents from torrents.empornium.me through me. I don’t know how this happens yet, but in order to block insolent people and all such torrent traffic, you can simply quickly close all ports except the necessary ones.

How to close ports on a server?

First you need to install a simple ufw firewall:

Sudo apt-get install ufw

On Ubuntu it is installed by default, but not running. Let's run it:

Sudo ufw enable

After this, your sites should not open, as we have blocked EVERYTHING! Now we just need to open the ports we need with a simple command:

Sudo ufw allow 22 sudo ufw allow 80 sudo ufw allow 8080

I opened three ports: ssh port 22, proxy server port 80 and web server port 8080. After this, the sites began to open normally. To check the rules for your ports, issue the command:

Netstat -anltp | grep "LISTEN"

It showed me the following:

Tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1155/mysqld tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1315/varnishd tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 980/ sshd tcp 0 0 127.0.0.1:6082 0.0.0.0:* LISTEN 1299/varnishd tcp6 0 0:::8080:::* LISTEN 2379/apache2 tcp6 0 0:::80:::* LISTEN 1315/varnishd tcp6 0 0:::22:::* LISTEN 980/sshd

This means everything is fine, after that the traffic dropped sharply, although torrents continue to knock on my firewall. But they can’t connect, and that’s good. It will be necessary to find the root of the problem, but this will happen later with the help of technical support, the main thing is that the enemy is disarmed!

After 10 minutes, I decided to add a little to the article, since technical support said that this was not all, I closed the entry ports, but everything was allowed to exit. Everything can be solved with one command:

Sudo ufw default deny outgoing

Now let's check everything with the team sudo ufw status verbose and look:

To Action From -- ------ ---- 22 ALLOW IN Anywhere 80 ALLOW IN Anywhere 8080 ALLOW IN Anywhere 3306 ALLOW IN Anywhere 22 (v6) ALLOW IN Anywhere (v6) 80 (v6) ALLOW IN Anywhere (v6) ) 8080 (v6) ALLOW IN Anywhere (v6) 3306 (v6) ALLOW IN Anywhere (v6)

True, the protocol of the sixth version remains open, but it seems that this is not critical.

WEBMASTER ADVICE: The ability to make money on the Internet is only half the battle, the other half is the ability to PROFITABLY cash out electronic money. Here is a list of offshore bank cards to which you can withdraw funds and then withdraw crisp bills from them:

1. Payoneer- The world's most popular payment system for freelancers. Issues cards, located in the USA.

2. EpayService- The American payment system, very popular in many countries, provides a MasterCard card in EVRO for free for residents of the CIS and Europe.

3. Skrill- The only payment system that works with cryptocurrencies and at the same time issues free MasterCard bank cards.

4. AdvCash- The offshore bank is located in Belize, you can open an account in dollars, euros, pounds and rubles.

5. Payeer- The headquarters of this payment system is located in Georgia, here you can also open an account in dollars, euros and rubles.

Yesterday, unknown people staged another massive attack using an encryption virus. Experts said that dozens of large companies in Ukraine and Russia were affected. The ransomware virus is called Petya.A (probably the virus is named after Petro Poroshenko). They write that if you create a perfc file (without extension) and place it at C:\Windows\, the virus will bypass you. If your computer reboots and starts “disk check”, you need to turn it off immediately. Booting from a LiveCD or USB drive will give you access to the files. Another method of protection: close ports 1024–1035, 135 and 445. We will now look at how to do this using Windows 10 as an example.

Step 1
Let's go to Windows Firewall(it’s better to choose enhanced security mode), select the “ Additional options».
Select the tab " Rules for incoming connections", then the action " Create a rule"(in the right column).

Step 2
Select the type of rule - “ for Port" In the next window, select “ TCP protocol", indicate the ports you want to close. In our case it is " 135, 445, 1024-1035 "(without quotes).

Step 3
Select the item “ Block connection", in the next window we mark all profiles: Domain, Private, Public.

Step 4
All that remains is to come up with a name for the rule (so that it will be easy to find in the future). You can specify a description of the rule.

If some programs stop working or work incorrectly, you may have blocked the port they are using. You will need to add an exception for them in the firewall.

135 TCP port used by remote services (DHCP, DNS, WINS, etc.) and in Microsoft client-server applications (for example, Exchange).

445 TCP port used in Microsoft Windows 2000 and later for direct TCP/IP access without using NetBIOS (for example, in Active Directory).

Publication

How to close ports?

Surely, if you have passed any computer security test on open ports, then you noticed that your system has one or more open ports. In this article we will try to explain to you how to behave in such a situation and what measures you need to take.

Before closing any of the ports, you need to make sure that it is actually open. But check the vulnerability of your computer using online tests available on various sites dedicated to computer security, such as our site. (You can check this at the link -) The next thing you need to do is find out if the port is being used by any program or system in order to choose the most convenient option for removing it - this information is located on the page called “Open Ports” of your system security. If you notice that a particular application is using a port, and you want to prevent it from using that port, then you will need to create a rule specifically for that application. If the port is open by the system or it is difficult for you to find out which program is opening the port, it is possible close the port globally. BUT it should be understood that sealing a port for the entire system may have negative consequences, since some legal network activity may also be blocked. Also, in order to identify applications that open ports, you always have the opportunity to use the list of the most commonly used system and Trojan ports.

The first and simplest option is to shut down programs or services that use these ports, that is, they open them. As a rule, these are from 135 to 139, as well as 445. Such manipulation can be done manually, but this requires specific knowledge and abilities. To simplify this goal a little, we advise you to use such a small program as Windows Worms Doors Cleaner, which weighs only 50kb. After installing and opening it, you will only need to click the buttons labeled Disable and Close, and then restart your computer. As a result, all indicators should turn green, which will mean that the ports we need are now closed. This method will help you seal only a few ports and will in no way replace installing a Firewall.

If we talk about the second option, then this is installing the Firewall program and creating certain rules for sealing ports. Which firewall to choose is up to you and no one else to decide. Nowadays there are a huge number of them.

How to close a tcp port?

Master's answer:

The TCP protocol is a standard for exchanging various information between personal computers. In operating systems, protocols and information exchange are enforced by a firewall called a firewall. This is a program that can test the status of an exchange area, or port. By using rules, you can control the exchange of information through any specific port.

Once you open the Start menu on your desktop in the lower left corner. Select the “Control Panel” tab and launch the “Firewall” option. If you have downloaded a view for various categories of actions, click on the “System and Security” link. After opening the settings page, click on “Firewall” to load the program window. This algorithm of actions is used if the Windows 7 operating system is used.

Next, you need to click on the “Advanced options” link in the column on the left of the page. After the User Account Control Center window loads, you will need to confirm your intentions and enter the administrator password.

Then, you will need to click on the line “Rules for incoming connections” in the new window on the left. After these actions, a list of necessary rules and appendices to them appears. Click on the inscription “Create a rule”, it is located in the upper right part of the window. Next, the wizard dialog will load to create rules for working with the firewall.

Then, you will need to check the “For port” line and click “Next”. Then check the “TCP Protocol” item on the next page that loads at the top, and at the bottom of it enter the port number whose availability you want to limit. Then click on the “Next” button.

You need to check the box next to “Block connection” and click “Next”. In the next window, you will need to check three boxes: public, private, domain, so that the rule you created will work for all types of connections. To go to the next setup page, you must click on the “Next” button.

Now, you need to give the rule you created a name, such as "Port 88", so that you can easily find it if needed. You can add a description if necessary. Click the “Done” button. The process of creating an inbound connection rule is now completed successfully.

If you repeat these steps, starting with the third and ending with the sixth point, then you will block outgoing connections and close the tcp port. The only difference will be that you will need to click on the “Rules for outgoing connection” link. After this, you need to close the settings window and restart your computer. Now this rule can work successfully.

This article will focus on the following question: how to open a port in Windows 7. It is worth noting that the given instruction diagram is valid only if the computer has a pre-installed standard firewall (in other words, FireWall).

We present the sequence of all the steps required to directly open ports in an operating system such as Windows 7. The instructions are not very complicated; every user, even the least experienced, can figure it out.

Opening ports on Windows 7

Step 1. Through “Start” you should open “Control Panel”.

Step 3. Go to “Additional”. parameters".

Step 4. After the previous step, a window called “Windows Firewall with Advanced Security” should definitely appear. After this, in the list on the left, you need to click on “Rules for incoming connections”.

Step 5. We turn our attention to the list on the right, where, as you might guess, you should select the “Create a rule” category. This procedure will open the “New Rule Wizard”.

Step 6. The wizard should ask you about the type of rule to create. In this case, you need to select “For port” and continue creating with the “Next” button.

Step 7. The next question will be, respectively, the number of the port to be created (or range). You need to enter the number in the cell called “Specified Local Ports.” It is important that if you need a range, then you need to use a hyphen. Click “Next”.

Step 8. Allow the connection and click “Next” again.

Step 9. For which profiles should the created port be used? In this case, we select three: Public, Domain and Private.

Step 10. You need to specify a name for the new port and, optionally, a specific description. Finally, confirm the creation of the rule with the “Finish” button. You can see the newly created rule at the very beginning of the entire list.

Open a port in Windows 7 important notes

1. If an external FireWall is installed on the computer (separately), then, accordingly, the port forwarding settings must be found in it. Note that in some cases, antivirus programs by default replace the functions of the standard FireWall.

2. If the connection to the Internet is via a modem/router, then the ports must be opened directly on the device.

3. It is also necessary to take into account the following: there are cases when the creation of new ports is closed directly by the provider itself. Then any actions will not lead to success, and you should contact your provider.