Disabling Port 445

CloneRanger · Aug 29, 2013

445 microsoft-ds replaced NetBios Ports 137/9 in 98.

Port 445 Details

445 tcp microsoft-ds TCP port 445 is used for direct TCP/IP MS Networking access without the need for a NetBIOS layer. This service is only implemented in the more recent verions of Windows (e.g. Windows 2K / XP). The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT/2K/XP. In Windows NT it ran on top of NetBT (NetBIOS over TCP/IP, ports 137, 139 and 138/udp). In Windows 2K/XP, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NetBT. For this they use TCP port 445.

Port 445 should be blocked at the firewall level. It can also be disabled by deleting the HKLM\System\CurrentControlSet\Services \NetBT\Parameters\TransportBindName (value only) in the Windows Registry.

http://www.speedguide.net/port.php?port=445
Click to expand...

Background and Additional Information:

While ports 137-139 were known technically as "NBT over IP", port 445 is "SMB over IP". (SMB is known as "Samba" and stands for "Server Message Blocks".) After all of the trouble the personal computer industry has had with Microsoft's original Windows NetBIOS ports 137 through 139, it is difficult to imagine or believe that Microsoft could have actually made things significantly worse with their replacement port 445 . . . but they did.

https://www.grc.com/port_445.htm
Click to expand...

Disabling Port 445 (SMB) Entirely

There does not seem to be a way to stop Windows from binding to port
445.
Taken from Microsoft Knowledge Base article Q253959

"The NetbiosSmb device, used for direct-hosted SMB traffic, is global
and cannot be unbound from a particular network adapter. This behavior
is by design."

--

Nothing you can do about 445. The theory is that it can be "disabled"
by shutting down the server and workstation services, which are what
actually services that port. Unfortunately, this does not actually have
the effect of closing the port for either UDP or TCP connections. I'm
sure you've already reached these conclusions though.

Microsoft has stated in several KB articles that this is "by design"
without choosing to reveal more about why that is so.

http://seclists.org/bugtraq/2002/Aug/426
Click to expand...

Direct hosting of SMB over TCP/IP

Use the following steps to disable NetBIOS over TCP/IP; this procedure forces all SMB traffic to be direct hosted. Take care in implementing this setting because it causes the Windows-based computer to be unable to communicate with earlier operating systems using SMB traffic:

1. Click Start, point to Settings, and then click Network and Dial-up Connection.
2. Right-click Local Area Connection, and then click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. Click Advanced.
5. Click the WINS tab, and then click Disable NetBIOS over TCP/IP.

You can also disable NetBIOS over TCP/IP by using a DHCP server with Microsoft vendor-specific option code 1, ("Disable NetBIOS over TCP/IP"). Setting this option to a value of 2 disables NBT. For more information about using this method, refer to the DHCP Server Help file in Windows.

*

NetBT_Tcpip is bound to each adapter individually; an instance of NetBT_Tcpip is shown for each network adapter that it is bound to. NetbiosSmb is a global device, and is not bound on a per-adapter basis. This means that direct-hosted SMB's cannot be disabled in Windows without disabling File and Printer Sharing for Microsoft Networks completely.

https://support.microsoft.com/kb/204279
Click to expand...

The above MS info doesn't mention if disables UDP over SMB though. I guess it should too ?

I've always done the WINS tab disable from install, but still see microsoft-ds entries ? By the way, i'm on XP/SP2

noone_particular · Aug 29, 2013

The simplest way to close port 445 is with a little utility called WWDC (Windows Worm Doors Cleaner 1.4.1). If you can't find it, I can upload you a copy. If you want to make the changes manually, these changes were recorded by Inctrl5 when I used it. On a virtual XP-SP2 test unit, it makes the following changes:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters "SmbDeviceEnabled"
value changed from
01, 00, 00, 00
to
00, 00, 00, 00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters "SmbDeviceEnabled"
value changed from
01, 00, 00, 00
to
00, 00, 00, 00

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet3\Services\Http\Parameters
existing value removed. Don't remove subkeys.

HTH

CloneRanger · Aug 29, 2013

@ noone_particular

Hi & Thanks for reminding me about WWDC I must admit it's the only thing i forgot to include when i last reinstalled XP Funny how we can forget things, especially as i've recommended it lots of times on here over the years to others ! I'm sure i even had it on 98SE too, & recommended it then as well.

It's in now

All the other items were already disabled Except, as i mentioned earlier, i had already done the Wins trick for NetBios, but WWDC showed it could still disable it in some way/s ? I guess it made extra REG changes ?

Log in or Sign up

Disabling Port 445

CloneRanger Registered Member

Attached Files:

445.png

noone_particular Registered Member

CloneRanger Registered Member

Log in or Sign up

Disabling Port 445

CloneRanger Registered Member

Attached Files:

445.png

noone_particular Registered Member

CloneRanger Registered Member

Useful Searches