Re: SUMMARY: Disabling Port 445 (SMB) Entirely

From: Andrew Oman (
Date: 08/30/02

From: "Andrew Oman" <>
Date: Fri, 30 Aug 2002 13:21:34 -0400

I hope this adds a little bit on one more method of diabling/unbinding
( sorry if the cross-post was not appropriate )


Non-Configurable Parameters
The following parameters are created and used internally by the NetBT
components. They should never be modified using the Registry Editor. They
are listed here for reference only.

Key: Netbt\Parameters
Value Type: REG_SZ - Character string
Valid Range: N/A
Default: \Device\
Description: This parameter is used internally during product development.
The default value should not be changed.

Key: Netbt\Parameters
Value Type: REG_DWORD—Boolean
Valid Range: 0, 1 (false, true)
Default: 1 (true)

Description: Windows 2000 supports a new network transport known as the
SMB Device, which is enabled by default. This parameter can be used to
disable the SMB device for troubleshooting purposes.

Using the SMBDeviceEnabled key removes SMB from binding to 445.



"Jason Coombs" <>
08/29/2002 08:05 PM
Please respond to jasonc
        To: <>
        Subject: SUMMARY: Disabling Port 445 (SMB) Entirely

UPDATE: I double-checked and in fact was able to stop port 445 from
at all under Windows 2000 using the following Registry key:


under this key remove the default value "\Device\" from the
TransportBindName REG_SZ value. upon reboot, port 445 is gone completely,
both TCP and UDP.

I tried a while ago to replace \Device\ with the device name of a single
network interface in my multi-homed Windows box and that did not appear to
work, SMB still grabbed port 445 TCP and UDP on rather than the IP
address bound to the network interface whose \Device\ virtual name I
into the TransportBindName. Perhaps you can only disable port 445/SMB
entirely, there may be no way to disable it selectively.

However, port 1025 is still being bound by SYSTEM ... I have no idea why.


Jason Coombs

-----Original Message-----
From: Jason Coombs []
Sent: Thursday, August 29, 2002 11:52 AM
Subject: SUMMARY: SMB overflow attacks

SUMMARY: There does not appear to be any way to get Windows 2000 to stop
binding to port 445 at this time. It's possible in Windows NT, but then
again SMB was an after-thought for NT (Service Pack 3 or 4, I don't
which) and the NT kernel doesn't bind port 445 as aggressively.