Question
Wednesday, February 8, 2012 5:00 PM
Hello All,
Every time the security person scans the server they find Port 145 and 139 open, and as per them these are vulnerable ports and need to be closed or the relevant services stopped.
Can you please guide us how to disable this without disabling the print and file services. Also please define what is the vulnerability behind these ports.
We have Windows 2003, 2008 and 2008 R2 servers.
Thanks/Regards, Avijit Dutta
All replies (4)
Wednesday, February 8, 2012 7:15 PM
It depends on the machine. Port 139 is used for NetBIOS name resolution, and port 445 is used for SMB.
If 445 is closed, you will effectively be unable to copy any file system data to or from the path where port 445 is closed... from a domain perspective, this will completely break group policy.
Port 139, with your environment, you *might* be able to slip by without; however, don't plan on using NetBIOS based sessions, as that is what the port is for...
Bottom line, if this is a domain environment, these ports are required... there are certain methods to get around it, but it doesn't sound like it's necessarily applicable here (yet).
http://support.microsoft.com/kb/179442 covers it pretty nicely for domain environments, if that is the situation here....
Brandon Wilson - Premier Field Engineer (Platforms)
Thursday, February 9, 2012 4:47 AM
Thanks Wilson...!!!... but these things are known to me... What is the vulnerability behind these ports... and how can we disable these ports at the server level... Any tweak or any registry entry which will block the traffic towards the server on these ports....
Thanks/Regards, Avijit Dutta
Thursday, February 9, 2012 5:58 AM
Hi Avijit,
You can block traffic to port 445 and keep something like file services available, as 445 is instrumental to the availability of the file service (via SMB/SMB2). Both those options are mutually exclusive.
For something as basic as a file server, you can most likely get by without NetBIOS (the operating systems you listed will be fine, but the application level might complicate matters). For that, you could choose the simple option of using the built-in Windows Firewall to block NetBIOS-related ports in the Inbound Rules node. You could even leverage the Scope tab to define which IPs/IP ranges can access those ports and which can't.
If your IDS tool is as primitive as reporting a vulnerability solely because a port is open, then look for a new IDS, as that's a poor testing mechanic.
Cheers,
Lain
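As an added example (not part of Lain's reply or anything Microsoft published in this thread), here is what that approach looks like when scripted with the built-in firewall on Windows Server 2008 / 2008 R2 using `netsh advfirewall`, which exists on those versions. It blocks the NetBIOS ports (UDP 137, UDP 138, TCP 139) inbound, keeps SMB on TCP 445 available but scoped to the client ranges that actually need the share, and then shows how to verify the result. The rule names and the `10.0.5.0/24` / `10.0.6.0/24` address ranges are constructed placeholders; the built-in rule name "File and Printer Sharing (SMB-In)" is the one Windows ships, and the script assumes the firewall's default inbound action is still Block (the out-of-box setting).

```powershell
# Added example, not from the thread. Run in an elevated PowerShell prompt on
# Windows Server 2008 / 2008 R2; netsh advfirewall is the firewall CLI on those versions.

# --- 1. Block NetBIOS inbound. SMB itself runs on TCP 445, so file/print sharing
#        keeps working for clients that talk direct-hosted SMB (Windows 2000 and later).
$netbiosRules = @(
    @{ Name = 'Block NetBIOS Name Service (UDP 137)';     Protocol = 'UDP'; Port = 137 },
    @{ Name = 'Block NetBIOS Datagram Service (UDP 138)'; Protocol = 'UDP'; Port = 138 },
    @{ Name = 'Block NetBIOS Session Service (TCP 139)';  Protocol = 'TCP'; Port = 139 }
)

foreach ($r in $netbiosRules) {
    # Block rules win over allow rules in Windows Firewall with Advanced Security,
    # so these override the built-in "File and Printer Sharing (NB-*)" allow rules.
    netsh advfirewall firewall add rule "name=$($r.Name)" dir=in action=block `
        "protocol=$($r.Protocol)" "localport=$($r.Port)" profile=any
}

# --- 2. Scope SMB instead of closing it. Do NOT add a blanket block for 445 (it would
#        also override the scoped allow below); instead disable the broad built-in allow
#        rule and replace it with one limited to the subnets that need the share.
#        With the default inbound action of Block, every other source is dropped.
netsh advfirewall firewall set rule name="File and Printer Sharing (SMB-In)" new enable=no

$allowedSmbSources = '10.0.5.0/24,10.0.6.0/24'   # constructed placeholder ranges
netsh advfirewall firewall add rule name="Allow SMB (TCP 445) from file-share clients" `
    dir=in action=allow protocol=TCP localport=445 "remoteip=$allowedSmbSources" profile=any

# --- 3. Verify. A scanner looks at what the firewall lets through, not at what the
#        service binds, so check the rules rather than only netstat.
netsh advfirewall firewall show rule name="Allow SMB (TCP 445) from file-share clients"
foreach ($r in $netbiosRules) {
    netsh advfirewall firewall show rule "name=$($r.Name)"
}

# The services still listen locally (expected); the firewall is what the scan sees.
netstat -ano -p TCP | findstr /R ":139 .*LISTENING :445 .*LISTENING"
```

If the scan is run from a host inside one of the allowed ranges it will still report 445 open, which is the intended outcome: the finding to take back to the security team is that the port is reachable only from the listed client subnets, not from the network at large. On a domain member, also test group policy processing (`gpupdate /force`) from an allowed client afterwards, since Brandon's point about policy depending on 445 still applies.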
Sunday, February 12, 2012 5:32 AM
Hello Lain... I'm doing the same thing to block ports. But they always deny the request to open the ports in the firewalls. Actually we have a few processes which are behind a firewall, and to access the file server we need to apply the ACLs. But every time we have to fight with the security team to get ports 445 and 139 open to access the file server. As per them these are vulnerable ports and cannot be open.
Thanks/Regards, Avijit Dutta