A. There was a recent well-known problem that a telnet client could connect to an NT machine on port 135, type 10 characters and it would hang NT. There is no simple way to protect NT from a certain port attack. It is possible to configure NT to only accept incoming packets from a set of configured ports, however you have to name the ports you want to accept input from:

  1. From Control Panel, Double click on Network
  2. Click the Protocols tab
  3. Select TCP/IP and click Properties
  4. Click Advanced (bottom right)
  5. Check the "Enable Security" and click configure
  6. For TCP select "Permit Only" and enable only the ports you want to work (e.g. Web Browser is 80, FTP 21)
  7. Exit
  8. Reboot NT

To protect against the port 135 attack, install the RPC hotfix for Service Pack 2.

Service Pack 3 and some its Hotfixes are also highly desirable, and address a number of Internet attack methods.