1. Add firewall rules
Please use the [powershell] of [run as administrator] to execute the following command, please ensure that the firewall is turned on.
echo [信息] 添加防火墙规则
New-NetFirewallRule -DisplayName 'block-135-TCP-In' -Description '阻止TCP135端口入站'-Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol TCP -LocalPort 135
New-NetFirewallRule -DisplayName 'block-135-UDP-In' -Description '阻止UDP135端口入站'-Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol UDP -LocalPort 135
New-NetFirewallRule -DisplayName 'block-137-TCP-In' -Description '阻止TCP137端口入站'-Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol TCP -LocalPort 137
New-NetFirewallRule -DisplayName 'block-137-UDP-In' -Description '阻止UDP137端口入站'-Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol UDP -LocalPort 137
New-NetFirewallRule -DisplayName 'block-138-TCP-In' -Description '阻止TCP138端口入站'-Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol TCP -LocalPort 138
New-NetFirewallRule -DisplayName 'block-138-UDP-In' -Description '阻止UDP138端口入站'-Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol UDP -LocalPort 138
New-NetFirewallRule -DisplayName 'block-139-TCP-In' -Description '阻止TCP139端口入站'-Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol TCP -LocalPort 139
New-NetFirewallRule -DisplayName 'block-139-UDP-In' -Description '阻止UDP139端口入站'-Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol UDP -LocalPort 139
New-NetFirewallRule -DisplayName 'block-445-TCP-In' -Description '阻止TCP445端口入站'-Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol TCP -LocalPort 445
New-NetFirewallRule -DisplayName 'block-445-UDP-In' -Description '阻止UDP445端口入站'-Profile 'Domain,Private,Public' -Direction Inbound -Action block -Protocol UDP -LocalPort 445
echo [信息]操作成功完成!
2. Stop and disable related services
echo [信息]正在停止并禁用[远程注册表]服务
net stop RemoteRegistry
Set-Service RemoteRegistry -StartupType Disabled
echo [信息]正在停止并禁用[Server]服务
net stop LanmanServer
Set-Service LanmanServer -StartupType Disabled
echo [信息]正在停止并禁用[TCP/IP NetBIOS Helper]服务
net stop lmhosts
Set-Service lmhosts -StartupType Disabled
After executing the above command, you need to restart the computer.
3. Set strong account passwords
You can use a password generator to generate high-strength account passwords to prevent brute force cracking.
4. Verify port status
1. Execute the following commands on this machine:
netstat -ano|findstr 135
netstat -ano|findstr 137
netstat -ano|findstr 138
netstat -ano|findstr 139
netstat -ano|findstr 445
2. Detect the opening of the computer's port through other hosts, assuming that the computer's IP address is: 192.168.1.1
tcping 192.168.1.1 135
tcping 192.168.1.1 137
tcping 192.168.1.1 138
tcping 192.168.1.1 139
tcping 192.168.1.1 445