Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Do I really need to block TCP ports 445, 135, 137-139?


  • Please log in to reply
3 replies to this topic

#1 techboy2009

techboy2009

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:31 PM

Posted 15 May 2011 - 11:07 PM

Greetings,

My Cisco Security Agent kept giving me this alert which kind of surprised me because I've never seen it before and it was going off every single hour:

"The process 'System' (as user NT AUTHORITY\SYSTEM) attempted to accept a connection as a server on TCP port 445 from 10.82.209.49 using interface Virtual\Cisco Systems VPN Adapter. The operation was denied. [3640]"

So I did a little bit of research and discovered that TCP port 445 is a potentially huge whole for hackers to get in. I then searched on how to block TCP port 445 by going into the regedit and I also disabled the TCP/IP NetBios service. Did I overreact and will there be any reprecussions or system failures for the changes I've made?

Also, do I need to block TCP ports 135, 137-139 and if so how?

Thanks in advance,

techboy2009

PS I'm running Windows XP with SP2

BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:31 AM

Posted 16 May 2011 - 07:19 AM

From the info you provide (VPN adapter, and 10.82.209.49 is a private address), I guess you have a corporate machine and that you are connected to the corporate network. Can you confirm this?

Because in that case, it's up to your system administrators to open or close these ports. Closing these ports could break some functionality or features used for your corporate environment.

Edited by Didier Stevens, 16 May 2011 - 10:13 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 techboy2009

techboy2009
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:31 PM

Posted 16 May 2011 - 10:29 AM

Hi Didier,

You are correct I do have a VPN connection to our corporate network. I'll see if I get a message from my administrator saying they can not connect to my machine.

How about the other TCP ports? Do I need to block them as well?

Thanks,

techboy2009

#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:31 AM

Posted 17 May 2011 - 03:59 AM

No, it's normal to leave those ports open on a corporate network.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users