Re: SUMMARY: Disabling Port 445 (SMB) Entirely

From: Shaolin Tiger (shaolin@shaolin-tiger.com)
Date: Mon Sep 02 2002 - 04:21:21 PDT

Next message: Florian Weimer: "[Full-Disclosure] Re: Compaq mount patch broken"

Previous message: Cisco Systems Product Security Incident Response Team: "Cisco Security Advisory: Cisco VPN 3000 Concentrator Multiple Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

# Port 445 - This is a highly debated area by Microsoft themselves and many
others
# It's uses are discussed here: http://ntsecurity.nu/papers/port445/
#
# Method 1: Steps in Windows 2000 Professional, SP2: (Please read others
below before proceeding as this one may prevent
#
# DHCP from functioning correctly which most Cable ISPs require and some
Other ISPs too)
#
# 1.  Open Computer Management
#
# 2.  Click on Device Manager
#
# 3.  Select View:  Show Hidden Devices
#
# 4.  Click on Non-Plug and Play Drivers
#

# 5.  Open Properties for NetBIOS over TCPIP
#
# 6.  Click on Disable
#
# 7.  Reboot per prompt
#
# If you do not disable the TCP/IP NetBIOS Helper Service at the same time
an error will be logged to the system event log.
#
# You can Disable this service in Administrative Tools - Services if desired
as detailed below.
#
# Alternate Procedure:  The following information was developed, tested, and
supplied by T-1 (t1at_private)
#
# Go to :
#
# HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\

#
# Value Name: TransportBindName
#
# Data: \device\
#
# Either Rename TransportBindName to something like TransportBindNameX
(Easier to change back later)
#
# Or Delete \device\
#
# Then Reboot.
#
# The Registry tweak is more flexible because the NetBT driver is allowed to
run
#

From : http://www.darknet.org.uk/content/files/securewin2k.txt



.: http://www.security-forums.com :.

         Share your knowledge
          It's a way to achieve
                Immortality.

----- Original Message -----
From: "Andrew Oman" <Andrew.Omanat_private>
To: <bugtraqat_private>; <vuln-devat_private>
Sent: Friday, August 30, 2002 6:21 PM
Subject: Re: SUMMARY: Disabling Port 445 (SMB) Entirely


> I hope this adds a little bit on one more method of diabling/unbinding
> SMB:
> ( sorry if the cross-post was not appropriate )
>
>
http://www.microsoft.com/ntserver/techresources/commnet/WINS/WINSwp98/WINS11
-12.asp
>
> HKLM\System\Controlset001\Services\NetBT\Parameters
>
> Non-Configurable Parameters
> The following parameters are created and used internally by the NetBT
> components. They should never be modified using the Registry Editor. They
> are listed here for reference only.
>
> TransportBindName
> Key: Netbt\Parameters
> Value Type: REG_SZ - Character string
> Valid Range: N/A
> Default: \Device\
> Description: This parameter is used internally during product development.
> The default value should not be changed.
>
>
> SMBDeviceEnabled
> Key: Netbt\Parameters
> Value Type: REG_DWORD—Boolean
> Valid Range: 0, 1 (false, true)
> Default: 1 (true)
>
<snip>
>

Next message: Florian Weimer: "[Full-Disclosure] Re: Compaq mount patch broken"
Previous message: Cisco Systems Product Security Incident Response Team: "Cisco Security Advisory: Cisco VPN 3000 Concentrator Multiple Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 03 2002 - 11:12:43 PDT