# Port 445 - This is a highly debated area by Microsoft themselves and many others # It's uses are discussed here: http://ntsecurity.nu/papers/port445/ # # Method 1: Steps in Windows 2000 Professional, SP2: (Please read others below before proceeding as this one may prevent # # DHCP from functioning correctly which most Cable ISPs require and some Other ISPs too) # # 1. Open Computer Management # # 2. Click on Device Manager # # 3. Select View: Show Hidden Devices # # 4. Click on Non-Plug and Play Drivers # # 5. Open Properties for NetBIOS over TCPIP # # 6. Click on Disable # # 7. Reboot per prompt # # If you do not disable the TCP/IP NetBIOS Helper Service at the same time an error will be logged to the system event log. # # You can Disable this service in Administrative Tools - Services if desired as detailed below. # # Alternate Procedure: The following information was developed, tested, and supplied by T-1 (t1@san.rr.com) # # Go to : # # HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\ # # Value Name: TransportBindName # # Data: \device\ # # Either Rename TransportBindName to something like TransportBindNameX (Easier to change back later) # # Or Delete \device\ # # Then Reboot. # # The Registry tweak is more flexible because the NetBT driver is allowed to run # From : http://www.darknet.org.uk/content/files/securewin2k.txt .: http://www.security-forums.com :. Share your knowledge It's a way to achieve Immortality. ----- Original Message ----- From: "Andrew Oman" <Andrew.Oman@predictive.com> To: <bugtraq@securityfocus.com>; <vuln-dev@securityfocus.com> Sent: Friday, August 30, 2002 6:21 PM Subject: Re: SUMMARY: Disabling Port 445 (SMB) Entirely > I hope this adds a little bit on one more method of diabling/unbinding > SMB: > ( sorry if the cross-post was not appropriate ) > > http://www.microsoft.com/ntserver/techresources/commnet/WINS/WINSwp98/WINS11 -12.asp > > HKLM\System\Controlset001\Services\NetBT\Parameters > > Non-Configurable Parameters > The following parameters are created and used internally by the NetBT > components. They should never be modified using the Registry Editor. They > are listed here for reference only. > > TransportBindName > Key: Netbt\Parameters > Value Type: REG_SZ - Character string > Valid Range: N/A > Default: \Device\ > Description: This parameter is used internally during product development. > The default value should not be changed. > > > SMBDeviceEnabled > Key: Netbt\Parameters > Value Type: REG_DWORD—Boolean > Valid Range: 0, 1 (false, true) > Default: 1 (true) > <snip> >
