Let's see what ports are opened by which processes, taking those that are specific to Windows itself:

C:\Windows\system32>netstat -anb

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP                LISTENING
  TCP                LISTENING
 Can not obtain ownership information
  TCP               LISTENING
  TCP               LISTENING
  TCP               LISTENING
  TCP               LISTENING
  TCP               LISTENING

These ports are also open for the IPv6 address [::], which I believe means listen on any IPv6 address.

  • 135: Remote Procedure Calls: Why are these needed? I don't want to allow others to call something.

  • 445: NetBIOS/SMB: I'm not using this and have tried to disable this, but the port is still listening...

  • 1025: NFS or IIS: Perhaps SMB? Because my IIS-related services are disabled.

  • 1026: Remote Procedure Calls, DCOM: Kept open by the event log, same reason as 135.

  • 1027: IIS: But why does this port still show up when the IIS-related services have been disabled?

  • 1028: NFS or IIS: Same reason as 1025.

  • 1036: Nebula Secure Segment Transfer Protocol: What is this for? Seems a randomized port...

So, these are my questions:

  • I believe I don't need any of these ports, is there a way to disable them all?

  • If you believe a port shouldn't be disabled, can you explain to me why?

  • If you believe a service shouldn't be disabled, can you still explain to me how to disable the port?

  • I'm not asking for a firewall to block these ports, I want to literally disable them by registry settings.

  • Which version of Windows?
    – Moab
    Commented Apr 6, 2011 at 15:12
  • You can use this website for advice on what services are and if they can be disabled and what are the consequences of doing so....blackviper.com/wiki/Main_Page
    – Moab
    Commented Apr 6, 2011 at 15:13
  • @Moab: Updated the tags, seems I'm consequently forgetting the OS tag. Yeah, I'm running a minimal set of services for performance purposes, still, these ports are open and my system is listening to them... Commented Apr 6, 2011 at 15:14
  • I don't know, I don't have any of those ports open on my clean install W7 64bit. Run netstat with -ano, note the pid for each open port, then try to find that pid in task manager.
    – Moab
    Commented Apr 6, 2011 at 17:30
  • @Moab: Are you sure you are running the command as administrator? Commented Apr 6, 2011 at 17:39

1 Answer


Port 135: disable RPC service (under your Services page)

Port 445: disable NetBIOS in your network properties, or by running (as admin): https://github.com/hvs-consulting/disable-netbios

Ports above 1024: are less of a worry.

What is your risk profile here? You would want your edge router/firewall to block all these anyway, so is it just your internal network you are concerned about?

  • The RPC service can't be disabled, I've disabled NetBIOS for every adapter and the port still shows up even after reboot. Ports above 1024 are no different IMO. I just want them disabled even if a firewall is already closing them or making them stealth. And more specific: I want to know for what reason these ports are open and can't be disabled if that's the case... Commented Apr 6, 2011 at 16:12
  • 1
    @Tom - Windows does behave a bit badly when it comes to ports, in that some can't be entirely disabled, however if you can remove the service then it doesn't really matter as the port is not then capable of being used. Ports above 1024 are not privileged ports so much less of a risk. With a Windows machine I would not rely on it keeping a particular service disabled through patches/upgrades etc so I would always run a local firewall. Windows 7 firewall is actually very good (I know you said you don't want firewall solution, but sometimes it is the most appropriate)
    – Rory Alsop
    Commented Apr 6, 2011 at 16:18
  • 1
    As for the risk profile: university network, technical side of a computer store where laptops are repaired and have the potential to spread a virus across the network, LAN parties. And it's even more nice to protect the machine against itself too, I know that Comodo does this to a large extent but I'm just wondering if it is possible to get the ports disabled... Commented Apr 6, 2011 at 23:02
  • Well, I'm no longer concerned and I run Comodo Firewall by now so internal attacks are the only thing left. And I guess these aren't really possible and I would rather break things... Commented May 5, 2011 at 7:18
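
Added example, not part of the original thread: the `netstat -ano` to PID lookup suggested in the comments on the question, extended to list the services hosted in each owning process, which is what `netstat -anb` cannot resolve when it prints "Can not obtain ownership information". It assumes Windows PowerShell 2.0 to 5.1 in an elevated prompt and English netstat output; the function name `ConvertFrom-NetstatListener` is made up for this example.

```powershell
# Added example. Assumes Windows PowerShell 2.0-5.1, an elevated prompt, and
# English netstat output (the LISTENING keyword is localized on other locales).

function ConvertFrom-NetstatListener {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Matches e.g. "  TCP    0.0.0.0:135    0.0.0.0:0    LISTENING    716"
        # and the IPv6 form "  TCP    [::]:135    [::]:0    LISTENING    716".
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            New-Object PSObject -Property @{
                Address   = $Matches[1]
                Port      = [int]$Matches[2]
                ProcessId = [int]$Matches[3]
            }
        }
    }
}

# Running services grouped by host PID, so a shared svchost.exe can be
# resolved to the individual services inside it.
$servicesByPid = @{}
Get-WmiObject Win32_Service -Filter "State='Running'" | ForEach-Object {
    $servicesByPid[[int]$_.ProcessId] += @($_.Name)
}

ConvertFrom-NetstatListener (netstat -ano) | Sort-Object Port, Address | ForEach-Object {
    $proc = Get-Process -Id $_.ProcessId -ErrorAction SilentlyContinue
    $name = if ($proc) { $proc.ProcessName } else { '(unknown)' }
    # 0.0.0.0 and [::] are wildcard binds: the port listens on every interface.
    $wild = @('0.0.0.0', '[::]') -contains $_.Address
    # Services stays empty for PID 4 (System): kernel-mode listeners are
    # drivers, not entries in Win32_Service.
    New-Object PSObject -Property @{
        Port          = $_.Port
        Address       = $_.Address
        AllInterfaces = $wild
        PID           = $_.ProcessId
        Process       = $name
        Services      = ($servicesByPid[$_.ProcessId] -join ', ')
    }
} | Select-Object Port, Address, AllInterfaces, PID, Process, Services |
    Format-Table -AutoSize
```

The Services column names the service to look at before deciding whether a listener can be stopped; a row with no services and PID 4 belongs to the kernel rather than to anything on the Services page.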
