General information about port 445
Among the new ports used by Windows 2000 is TCP port 445 which is used
for SMB over TCP. The SMB (Server Message Block) protocol is used among
other things for file sharing in Windows NT/2000/XP. In Windows NT it ran on
top of NetBT (NetBIOS over TCP/IP), which used the famous ports 137, 138
(UDP) and 139 (TCP). In Windows 2000/XP, Microsoft added the possibility to
run SMB directly over TCP/IP, without the extra layer of NetBT. For this
they use TCP port 445.
At its simplest, NetBIOS on your LAN may just be a
necessary evil for legacy software. NetBIOS on your WAN or over the
Internet, however, is an enormous (read foolish...) security risk.
All sorts of information, such as your domain, workgroup and system names,
as well as account information, is obtainable via NetBIOS. It really is in
your best interests to ensure that NetBIOS never leaves your network.
If you are using a router as your Internet gateway
then you will want to ensure that it does not allow inbound or outbound
traffic via TCP ports 135-139.
If you're using a Firewall then you should also block the same ports - TCP
ports 135-139.
If you are using a multi-homed machine, i.e. one with more than one network card,
then you should disable NetBIOS on every network card or Dial-Up Connection
(under the TCP/IP properties) that is not part of your local network.
How to disable NetBIOS over TCP/IP?
In Windows 2000/XP you have the ability to disable NetBIOS over TCP/IP.
You do this by right-clicking on My Network Places and selecting Properties.
Then right-click on the appropriate Local Area Connection icon, and select
Properties. Next, click on Internet Protocol (TCP/IP) and Properties.
Now click Advanced, and select the WINS tab.
There you can enable or disable NetBIOS over TCP/IP.
The changes take effect immediately without rebooting the system.
Note: You will get an event in your event log if you do not also disable the
TCP/IP NetBIOS Helper service. You can disable this service in
Control Panel > Administrative Tools > Services if desired.
How to disable port 445?
You can easily disable port 445 on your computer. To do so follow these
instructions: Open regedit and go to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT\Parameters
Under that key locate the entry named TransportBindName.
Double-click the TransportBindName entry and then delete its default value, thus giving it a
blank value.
Reboot for the change to take effect.
After rebooting open a command prompt and run netstat -an to verify that your computer
is no longer listening on port 445.
Windows 2000/XP
Client and Server port 139 & 445 usage
If a client machine has NetBT (NetBIOS over TCP/IP) enabled, it will always try to connect to the server
at both port 139 and port 445 simultaneously. If there is a response from port
445, it sends a Reset (RST) flag to port 139 and continues its SMB session on port 445
only. If there is no response from port 445, it will continue its SMB
session on port 139 only, provided it gets a response from there. If there is no
response from either of the ports, the session will fail completely.
If the client has NetBT disabled, it will always try to connect to the
server at port 445 only. If the server answers on port 445, the session will
be established and continue on that port. If it doesn't answer, the session
will fail completely. This is the case if the server for example runs
Windows NT 4.0.
If the server has NetBT enabled, it listens on UDP ports 137, 138, and on
TCP ports 139, 445. If it has NetBT disabled, it listens on TCP port 445
only.
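The port-selection rule described above, as an added example that is not part of the original article: a small Python model of the client side, covering only the TCP connect phase (not the SMB negotiation that follows). The ports parameter and the local_listener helper are assumptions added so the logic can be exercised against loopback listeners instead of the real TCP 139/445 pair.

```python
import errno
import select
import socket
import struct
import time

def local_listener():
    """Listening socket on 127.0.0.1 with an OS-chosen port; returns (sock, port)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    return s, s.getsockname()[1]

def _rst_close(sock):
    # SO_LINGER with a zero timeout makes close() send a TCP RST, mirroring the
    # reset the text says the client sends to port 139 once 445 has answered.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    sock.close()

def choose_smb_port(host, netbt_enabled=True, ports=(139, 445), timeout=2.0):
    """Port the session continues on, or None. `ports` = (netbt_port, direct_port), an assumption."""
    p139, p445 = ports
    candidates = [p139, p445] if netbt_enabled else [p445]  # NetBT off: 445 only
    state = {p: None for p in candidates}  # None = no verdict yet, True/False = answered/refused
    pending, connected = {}, {}            # socket -> port
    for port in candidates:                # both connects are started at the same time
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setblocking(False)
        if s.connect_ex((host, port)) in (0, errno.EINPROGRESS, errno.EWOULDBLOCK):
            pending[s] = port              # handshake finished or still in flight
        else:                              # refused synchronously
            state[port] = False
            s.close()
    deadline = time.monotonic() + timeout
    while state[p445] is None and pending: # 445's verdict decides, so wait for it first
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        for s in select.select([], list(pending), [], remaining)[1]:
            port = pending.pop(s)
            if s.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR) == 0:
                state[port], connected[s] = True, port
            else:
                state[port] = False
                s.close()
    chosen = p445 if state[p445] else p139 if state.get(p139) else None
    for s, port in {**pending, **connected}.items():  # tear down; a real client keeps `chosen`
        _rst_close(s) if port == p139 and chosen == p445 else s.close()  # 139 gets the RST
    return chosen
```

With a listener on both ports the function returns the 445 stand-in; with only the 139 stand-in answering it returns that port, and with NetBT disabled it returns None unless 445 answers, matching the three cases in the text.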