securing port 445 tcp/udp

Hello folks,can anyone advise me on a way to close ports 445 microsoft-ds for udp/tcp,or direct me to a site that has reasonably simple wording.
From doing some looking around i see that this is a sort of replacement for the process that used to open ports 135-139.I have found an article that tells you how to do it by using a registry tweak,but i am not yet at that level of competance to try it this way.
I am behind a router but do not share any info with anything else and these ports are allways open when i look using CPorts.
Am i better of just puting a rule in the firewall to stop any access to these ports,i`d much prefer getting to the root of this(ie m$)

:■■■■ Matty


Take a look at GRC | Port Authority, for Internet Port 445   and block it in CFP3 with a global rule if you don’t already have a block all in. Unless your router is responding and has a firewall where you need to block it also.

Thanks sded thats one of the places i looked at,i suppose its just one of those things you have to put up with if you use M$ windows.
As ive got 2 hard drives on my computer, my aim is to learn enough so i can put Linux on one of the drives but im still a fair way off that yet.

ps glad to say my router shows only 1 port closed(rest stealthed) and that is to do with IDENT

Nice one, Matty

Yeah well, just making a firewall-rule doesn’t actually close port 445 and, more important,
the process that opened the port in the first place will still be running .
Instructions here :’s_port_445_in_w2k_xp_2003.htm
or just use Security & Privacy Complete from Security & Privacy Complete download |
to disable all those nasty windows-services .


You can try this utility if using XP.

Hey guys,many thanks for your ideas/help that was a good bit of info there.

Goodbrazer i downloaded that utility nice one for the link.Now i know you need netbios when on a LAN

Gordon as i said im not gonna tinker with the registry yet(some time soon) but still some valuable learning there.Just wish i could understand Dutch as that utility looks top notch.

Gonna tries some of the leaktester programs tomorrow so that should be fun ;D

Loving it,nice one Matty :-TU

Just in case you haven’t been reading carefully: :slight_smile:

An open port is one with an application behind it that answers inquiries (much to be avoided, since port 445 is associated with remote operations, others provide control of your computer)
A closed port will not do anything with inquiries, but follows IANA protocols to tell you so (someone knows you are there and may decide to launch a more concerted attack)
A stealthed port (GRC term?) ignores IANA and ignores the inputs

The port that listens to port 445 in CFP3 terminology is “system”
The rules to stealth ports 445 and others listened to by “system” and allow other things out as necessary: Under the “system” application
block and log all else

If you are concerned about a sneaker program or are a complete Bozo and crash your firewall a lot, don’t use a router, then some of the other suggestions may help you. If you use a NAT router you are protected from most everyting incoming anyway, even without CFP. :slight_smile:

Thanks sded :a0,i feel pretty secure with V3 behind a router,but could i just pick your brains for a few things that have been puzzling me ???
When i first installed V3 .268 i think,by default there was a rule in “Application Rules” by default called Windows system or something like that.Now the only rule is Windows Update Applications,which incorporates svchost etc.
What are your preferred referances in Application rules when it comes to the OS,as i know there has to be some output so i can connect with the router properly thus connect to the net.
Sorry if im asking daft questions but the name changing has threw me a bit :-[
This is the only rule i have regarding Windows.


[attachment deleted by admin]

My application rules for the system type stuff are attached. I don’t use any global rules, so some extra stuff ends up in WOS. WOS has grown a bit because of blocking log stuff and incorporating some global rules. Block and log at the end of each application, plus a block & log all incoming at the end of all the application rules keeps an eye out for anything new, although with custom mode they should cause popups.

[attachment deleted by admin]

Cheers sded,you`ve just given me a few ideas as to why my look up dont work(DNS entries).

your a (:s*)