(win7如何關閉139端口)背景近兩年來,勒索病毒不斷肆虐全球網絡,通過漏洞發起的攻擊占攻擊總數的87.7%,135 137 138 139 445端口給我們帶來便利的同時,同樣也給了黑客可乘之機,關閉這些危險端口意味著黑客想攻破你的電腦,難度高了很多。上個月廣州移動的安全檢查行動中,有一項就是要給移動員工的電腦關閉這個危險端口,一幢辦公樓里面約有四五千名員工,人手1臺電腦,有些人甚至2臺,由于沒有使用域環境,手動去給每臺電腦關閉這些端口,工作量不言而喻。關閉這些端口步驟做成批處理文件,群發給移動員工在自己電腦上一鍵運行的方式,顯得非常有必要。端口簡介TCP端口135135端口作用就是進行遠程,可以在被遠程的電腦中寫入惡意代碼,危險極大。UDP端口137、138137端口是在局域網中提供計算機的名字或IP地址查詢服務,使用者只需要向局域網或互聯網上的某臺計算機的137端口發送一個請求,就可以獲取該計算機的名稱、注冊用戶名,以及是否安裝主域控制器、IIS是否正在運行等信息。138端口的主要作用就是提供NetBIOS環境下的計算機名瀏覽功能。TCP端口139、445主要用于Windows"文件和打印機共享"和SAMBA。關閉危險端口后對電腦有什么影響?關閉135 137 138 139 445端口及對應服務后,依賴這些端口和服務的應用或服務都會受到影響,引起的故障現象多種多樣,這里不做描述,主要說明以下2種:影響文件共享服務。關閉后你的電腦將無法創建SMB文件共享,也無法訪問其他電腦使用SMB協議共享的文件;建議改用更為安全的ftp共享作為文件共享的代替方案。影響打印機共享服務。如果是局域網內其他電腦通過打印機的ip連接成功后,再將打印機分享給你的電腦,那關閉端口后你的電腦將無法連接其他電腦共享出來的打印機;如果你的電腦是通過老式的COM、現在流行的USB數據線直接連接到打印機,或者是通過打印機的ip直接連接,那你的電腦將不會受到影響,打印機服務依然可以正常使用。關閉方法方式:windows批處理腳本運行環境:win7系統、win10系統步驟演示(以win7系統為例,演示圖片請放大查看!)查詢135 137 138 139 445端口的狀態在電腦桌面狀態按組合鍵win+r,輸入cmd,回車在命令行窗口輸入netstat –an 并回車,即可看到所有開啟的端口及對應的協議、外部地址和狀態。創建并運行批處理文件右鍵點擊桌面空白處,點擊“新建文檔”復制下面的代碼粘貼到記事本中,點擊“文件” >> 點擊“另存為”@echo offcolor 0A echo.echo 》》獲取管理員權限...%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit@echo off color 0A title 一鍵屏蔽危險端口和服務echo.echo 》》開啟Windows防火墻服務echo.net start MpsSvcecho 》》設置Windows防火墻為自啟動echo.sc config MpsSvc start= autoecho.echo 》》啟用防火墻echo.netsh advfirewall set allprofiles state onecho ------------------echo -------------------------------------------------echo.echo 》》正在屏蔽135端口 請稍候… netsh advfirewall firewall delete rule name = "Disable port 135 - TCP"netsh advfirewall firewall add rule name = "Disable port 135 - TCP" dir = in action = block protocol = TCP localport = 135 netsh advfirewall firewall delete rule name = "Disable port 135 - UDP"netsh advfirewall firewall add rule name = "Disable port 135 - UDP" dir = in action = block protocol = UDP localport = 135:修改注冊表reg add "hklm\SOFTWARE\Microsoft\Ole" /v "EnableDCOM" /t reg_sz /d "N" /freg add "hklm\SOFTWARE\Microsoft\Rpc" /v "DCOM Protocols" /t reg_multi_sz /d "" /freg add "hklm\SOFTWARE\Microsoft\Rpc\internet" /t reg_sz /fecho.echo ------------------echo -------------------------------------------------echo.echo 》》正在屏蔽137端口 請稍候… echo.netsh advfirewall firewall delete rule name = "Disable port 137 - TCP"netsh advfirewall firewall add rule name = "Disable port 137 - TCP" dir = in action = block protocol = TCP localport = 137netsh advfirewall firewall delete rule name = "Disable port 137 - UDP"netsh advfirewall firewall add rule name = "Disable port 137 - UDP" dir = in action = block protocol = UDP localport = 137echo ------------------echo -------------------------------------------------echo.echo 》》正在屏蔽138端口 請稍候… netsh advfirewall firewall delete rule name = "Disable port 138 - TCP"netsh advfirewall firewall add rule name = "Disable port 138 - TCP" dir = in action = block protocol = TCP localport = 138netsh advfirewall firewall delete rule name = "Disable port 138 - UDP"netsh advfirewall firewall add rule name = "Disable port 138 - UDP" dir = in action = block protocol = UDP localport = 138echo ------------------echo -------------------------------------------------echo.echo 》》正在屏蔽139端口 請稍候… netsh advfirewall firewall delete rule name = "Disable port 139 - TCP"netsh advfirewall firewall add rule name = "Disable port 139 - TCP" dir = in action = block protocol = TCP localport = 139netsh advfirewall firewall delete rule name = "Disable port 139 - UDP"netsh advfirewall firewall add rule name = "Disable port 139 - UDP" dir = in action = block protocol = UDP localport = 139echo.echo 》》關閉TCP/IP NetBIOS Helper(lmhosts)共享服務echo.sc stop lmhostssc config lmhosts start= disabledecho.echo ------------------echo -------------------------------------------------echo.echo 》》正在關閉445端口 請稍候… netsh advfirewall firewall 電腦 delete rule name = "Disable port 445 - TCP"netsh advfirewall firewall add rule name = "Disable port 445 - TCP" dir = in action = block protocol = TCP localport = 445netsh advfirewall firewall delete rule name = "Disable port 445 - UDP"netsh advfirewall firewall add rule name = "Disable port 445 - UDP" dir = in action = block protocol = UDP localport = 445echo.echo 》》關閉Server(LanmanServer)服務echo.sc stop LanmanServersc config LanmanServer start= disabledecho.echo 》》關閉NetBT服務echo.sc stop NetBTsc config NetBT start= disabled:修改注冊表reg add "hklm\System\CurrentControlSet\Services\NetBT\Parameters" /v "SMBDeviceEnabled" /t reg_dword /d "0" /fecho.echo ------------------echo -------------------------------------------------echo.echo 》》關閉Workstation(LanmanWorkstation)服務echo.sc stop 電腦 LanmanWorkstationsc config LanmanWorkstation start= disabledecho.echo ------------------echo -------------------------------------------------echo.echo 》》關閉Distributed Transaction Coordinator(MSDTC)共享服務echo.sc stop MSDTCsc config MSDTC start= disabledecho.echo ------------------echo -------------------------------------------------echo.echo 》》危險端口已經關閉,請重新啟動電腦后用netstat -an命令查看本地端口echo.echo 》》請按任意鍵退出!echo.pause>nul輸入文件名“關閉135_137_138_139_445危險端口.bat” >>保存類型選擇“所有文件”>>編碼選擇“ANSI” >> 點擊“保存”雙擊運行剛剛另存為的bat文件運行完成后的狀態如下圖所示手動重啟電腦批處理所做的一部分改動需要重啟電腦才會生效。重啟之前請先確認保存正在編輯的文檔或網頁表單。再次查詢135 137 138 139 445端口的狀態重啟完成后,在電腦桌面狀態按組合鍵win+r,輸入cmd,回車;在命令行窗口輸入netstat –an ,回車。可以看到135 137 138 139 445端口已經關閉。寫在最后經實踐,該批處理程序在win7、win10系統的管理員用戶下運行正常、有效。廣大讀者如有疑問,歡迎評論或私信提出,一起討論學習!電腦
綜合
