
Port 445 Listening in my CISver5 connections


4 replies to this topic

#1 Econstantine


Posted 05 January 2011 - 01:13 AM

Port 445 Listening in my Comodo ver5 connections

Am trying out Comodo Firewall with Optimum D+ settings on a Windows 7 x32 system from Online Armor Premium. First time I tried it out after long use of OA. In the active connections window I see a

System(4) Listening port on: 445

What is that?

From reading I see that is connected to the NetBIOS which I already have disabled (WINS, then Disable NetBIOS). I do not seem to remember seeing this when I was using Online Armor before but then again I may have not or may not..as long as I have a TruStealth via GRC/pcflank..lol!)

A friend who also recommended to try Comodo ver5 again in lieu of OA Premium is having the same questions...

Now I remember vividly that I do not have to make any rule in OA for blocking/closing port 445. I mean out of the box it gave me a flat TruStealth. When I installed Comodo ver5 I had one open port and it was port 445. Subsequent GRC checks were okay though....TruStealth. Now because of that first encounter with an open port I tend to check if there is a port 445 and yeah there it is listening.

Please see attached image.

Can someone give me some details or explanations on the matter or what should be done "security wise" so no ports are open and what ports should I close? Really need to understand this please.

Lost patience with OA Premium not seeming to learn or remember what I set. The latest version 4.5 was the worst I tried. Even all I excluded would vanish and you had to constantly check and re-import the settings I made. Settings would change often especially what I exclude. Had to put it to learning mode often so my system will work like it was using my saved settings. OA forum help was so so..had submitted logs to their CS but was told that "...if problem is not priority so and so..." lasted for nearly a month so I quit using it.

Anyway, kindly help me on this regard okay:)

Happy New Year!

PS;

Pardon for the error in topic title, I previously selected "Courier" as font and applied it then pasted the topic title with it...can't seem to attach the image either....help mods....thanks...newbie post here:(

Edited by Econstantine, 05 January 2011 - 01:26 AM.




#2 Didier Stevens


Posted 05 January 2011 - 04:22 AM

Can someone give me some details or explanations on the matter or what should be done "security wise" so no ports are open and what ports should I close? Really need to understand this please.


It actually depends on what you want to do with your Windows machine, but most people don't need any ports open to the Internet.
If you would have some server application running on your machine, like a web server, an FTP server, some P2P applications, then you would need to open the required ports.
But from what I understand from your post, you don't need any such ports open.

As you've tested (and observed) that your port 445 is open to the Internet by using GRC's ShieldsUp, you need to close it. Unfortunately, I'm not familiar enough with Comodo to give you the exact instructions, but here's a howto I found with Google:
http://forums.comodo.com/empty-t53588.0.html

I'm curious how you connect your machine to the Internet. Because another, very effective way to prevent open ports from being accessed from the Internet, is to use a NAT router.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 Econstantine


Posted 07 January 2011 - 02:00 PM

Hi;

Thanks for the reply.

I am using a cheesy dial-up connection at the moment since I have problems with my dsl provider now. But I do use both occasionally. I turned-off IPv6 in the Networking tab and was surprised to find out that only Port 5357 is Listening now. Can I leave that as is...? I mean IPv6 turned-off? What may be the implications of leaving it off? Sorry just new to this part of the internet and the part of "wanting to be more secure plus knowing more as I use ---thing"

Made a rule in Comodo for Block IN/OUT for port 445. My ports are stealthed now. 2 days in a row through PCFlank and ShieldsUP. But it still shows in the active connections window "listening" on Ports 445 and 5357. When I turn-off IPv6 only 5357 is listening.

Can I turn-off or block 5357 also or.....?

Thanks!

#4 Didier Stevens


Posted 08 January 2011 - 04:18 AM

Can I leave that as is...? I mean IPv6 turned-off? What may be the implications of leaving it off?


IPv6 is a new IP protocol, like IPv4. You don't need it on your Internet connection, you can leave it disabled.

But it still shows in the active connections window "listening" on Ports 445 and 5357.


That is normal, simply put: for the Windows OS running on your machine, these ports are still open, it is not "aware" that a local firewall is filtering these ports.

Can I turn-off or block 5357 also or.....?


Yes, in your case, it's probably linked to network discovery: http://windows.microsoft.com/en-US/windows-vista/What-is-network-discovery

To turn network discovery off on public networks, take a look here: http://www.speedguide.net/port.php?port=5357


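The point made in reply #4, that the operating system keeps reporting a socket as listening whether or not a firewall filters it, can be checked from the OS side by reading `netstat -ano` output. The following is an added example, not part of any post in this thread: the sample output is constructed, and the function names `listeners` and `needs_filtering` are hypothetical. It lists each listening TCP socket with its address family, bind scope and owning PID, so IPv4 and IPv6 listeners on the same port show up as separate entries.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       1812
  TCP    192.168.1.20:49201     203.0.113.10:443       ESTABLISHED     2644
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:5357              [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1040
"""

# TCP rows in LISTENING state: local address, local port, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")
WILDCARD = {"0.0.0.0", "[::]"}
LOOPBACK = {"127.0.0.1", "[::1]"}

def listeners(text):
    """Map port -> [(family, scope, pid)] for every listening TCP socket."""
    found = defaultdict(list)
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, established connections
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        family = "IPv6" if addr.startswith("[") else "IPv4"
        scope = ("all interfaces" if addr in WILDCARD
                 else "loopback only" if addr in LOOPBACK
                 else "single address")
        found[port].append((family, scope, pid))
    return dict(found)

def needs_filtering(text):
    """Ports listening on a non-loopback address; the firewall must cover these."""
    return sorted(port for port, socks in listeners(text).items()
                  if any(scope != "loopback only" for _, scope, _ in socks))

if __name__ == "__main__":
    for port, socks in sorted(listeners(SAMPLE_NETSTAT).items()):
        for family, scope, pid in socks:
            print(f"{port:>5}  {family}  {scope:<15} PID {pid}")
    print("non-loopback listeners:", needs_filtering(SAMPLE_NETSTAT))
```

A port in this list is only what the local TCP stack has bound; whether it is reachable from outside still has to be confirmed with an external check such as the ShieldsUP scan mentioned in the thread.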

#5 Econstantine


Posted 09 January 2011 - 01:35 PM

@Didier Stevens,

Appreciate the response, thank you.

I checked again with IPv6 turned-off and I saw Listening on 445 and 5357 again. So it may not have the effect after all...

Thanks for the links. I will use it as guide and be back for follow-up.:)



