[26902] in bugtraq
Re: SUMMARY: Disabling Port 445 (SMB) Entirely
daemon@ATHENA.MIT.EDU (Shaolin Tiger)
Tue Sep 3 14:18:07 2002
Message-ID: <036101c25272$f21691f0$54383c3e@einstein>
Reply-To: "Shaolin Tiger" <shaolin@shaolin-tiger.com>
From: "Shaolin Tiger" <shaolin@shaolin-tiger.com>
To: <bugtraq@securityfocus.com>, <vuln-dev@securityfocus.com>,
"Andrew Oman" <Andrew.Oman@predictive.com>
Date: Mon, 2 Sep 2002 12:21:21 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="UTF-8"
Content-Transfer-Encoding: 8bit
# Port 445 - This is a highly debated area by Microsoft themselves and many
others
# It's uses are discussed here: http://ntsecurity.nu/papers/port445/
#
# Method 1: Steps in Windows 2000 Professional, SP2: (Please read others
below before proceeding as this one may prevent
#
# DHCP from functioning correctly which most Cable ISPs require and some
Other ISPs too)
#
# 1. Open Computer Management
#
# 2. Click on Device Manager
#
# 3. Select View: Show Hidden Devices
#
# 4. Click on Non-Plug and Play Drivers
#
# 5. Open Properties for NetBIOS over TCPIP
#
# 6. Click on Disable
#
# 7. Reboot per prompt
#
# If you do not disable the TCP/IP NetBIOS Helper Service at the same time
an error will be logged to the system event log.
#
# You can Disable this service in Administrative Tools - Services if desired
as detailed below.
#
# Alternate Procedure: The following information was developed, tested, and
supplied by T-1 (t1@san.rr.com)
#
# Go to :
#
# HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\
#
# Value Name: TransportBindName
#
# Data: \device\
#
# Either Rename TransportBindName to something like TransportBindNameX
(Easier to change back later)
#
# Or Delete \device\
#
# Then Reboot.
#
# The Registry tweak is more flexible because the NetBT driver is allowed to
run
#
From : http://www.darknet.org.uk/content/files/securewin2k.txt
.: http://www.security-forums.com :.
Share your knowledge
It's a way to achieve
Immortality.
----- Original Message -----
From: "Andrew Oman" <Andrew.Oman@predictive.com>
To: <bugtraq@securityfocus.com>; <vuln-dev@securityfocus.com>
Sent: Friday, August 30, 2002 6:21 PM
Subject: Re: SUMMARY: Disabling Port 445 (SMB) Entirely
> I hope this adds a little bit on one more method of diabling/unbinding
> SMB:
> ( sorry if the cross-post was not appropriate )
>
>
http://www.microsoft.com/ntserver/techresources/commnet/WINS/WINSwp98/WINS11
-12.asp
>
> HKLM\System\Controlset001\Services\NetBT\Parameters
>
> Non-Configurable Parameters
> The following parameters are created and used internally by the NetBT
> components. They should never be modified using the Registry Editor. They
> are listed here for reference only.
>
> TransportBindName
> Key: Netbt\Parameters
> Value Type: REG_SZ - Character string
> Valid Range: N/A
> Default: \Device\
> Description: This parameter is used internally during product development.
> The default value should not be changed.
>
>
> SMBDeviceEnabled
> Key: Netbt\Parameters
> Value Type: REG_DWORD—Boolean
> Valid Range: 0, 1 (false, true)
> Default: 1 (true)
>
<snip>
>
