Re: SUMMARY: Disabling Port 445 (SMB) Entirely

["Shaolin Tiger" <shaolin () shaolin-tiger com>]

# Port 445 - This is a highly debated area by Microsoft themselves and many
others
# It's uses are discussed here: http://ntsecurity.nu/papers/port445/
#
# Method 1: Steps in Windows 2000 Professional, SP2: (Please read others
below before proceeding as this one may prevent
#
# DHCP from functioning correctly which most Cable ISPs require and some
Other ISPs too)
#
# 1.  Open Computer Management
#
# 2.  Click on Device Manager
#
# 3.  Select View:  Show Hidden Devices
#
# 4.  Click on Non-Plug and Play Drivers
#

# 5.  Open Properties for NetBIOS over TCPIP
#
# 6.  Click on Disable
#
# 7.  Reboot per prompt
#
# If you do not disable the TCP/IP NetBIOS Helper Service at the same time
an error will be logged to the system event log.
#
# You can Disable this service in Administrative Tools - Services if desired
as detailed below.
#
# Alternate Procedure:  The following information was developed, tested, and
supplied by T-1 (t1 () san rr com)
#
# Go to :
#
# HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\

#
# Value Name: TransportBindName
#
# Data: \device\
#
# Either Rename TransportBindName to something like TransportBindNameX
(Easier to change back later)
#
# Or Delete \device\
#
# Then Reboot.
#
# The Registry tweak is more flexible because the NetBT driver is allowed to
run
#

> From : http://www.darknet.org.uk/content/files/securewin2k.txt



.: http://www.security-forums.com :.

         Share your knowledge
          It's a way to achieve
                Immortality.

----- Original Message -----
From: "Andrew Oman" <Andrew.Oman () predictive com>
To: <bugtraq () securityfocus com>; <vuln-dev () securityfocus com>
Sent: Friday, August 30, 2002 6:21 PM
Subject: Re: SUMMARY: Disabling Port 445 (SMB) Entirely


> I hope this adds a little bit on one more method of diabling/unbinding
> SMB:
> ( sorry if the cross-post was not appropriate )
http://www.microsoft.com/ntserver/techresources/commnet/WINS/WINSwp98/WINS11
-12.asp
> HKLM\System\Controlset001\Services\NetBT\Parameters
>
> Non-Configurable Parameters
> The following parameters are created and used internally by the NetBT
> components. They should never be modified using the Registry Editor. They
> are listed here for reference only.
>
> TransportBindName
> Key: Netbt\Parameters
> Value Type: REG_SZ - Character string
> Valid Range: N/A
> Default: \Device\
> Description: This parameter is used internally during product development.
> The default value should not be changed.
>
>
> SMBDeviceEnabled
> Key: Netbt\Parameters
> Value Type: REG_DWORD—Boolean
> Valid Range: 0, 1 (false, true)
> Default: 1 (true)
<snip>
>