windows closes port 445

Due to the large-scale worm attack, the most urgent thing at present is to close the Windows 445 port. Here, I share several options for Windows to close the 445 port, which is applicable to the window2003/xp/windows7/windows8/windows10 system.

Portal

Friends who need to play ms17-010 system patch can refer to the tutorial: [Windows system to play MS17-010 patch] (http://thief.one/2017/05/15/1)

Modifying the registry method

Add a key value to the registry, the specific steps:

  • Click “Start”, “Run”, type “regedit” to open the registry.
  • Locate the registry key “HKEY_LOCAL_MACHINE\System\Controlset\Services\NetBT\Parameters”
  • Select “Parameters” right click to create a new “DWORD value”
  • Rename the DWORD value to “SMBDeviceEnabled”
  • Right click “SMBDeviceEnabled” and select “Modify”. Under “Value data”, enter “0”

The key details are as follows:

1
2
3
4
5
Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\NetBT\Parameters
Name: SMBDeviceEnabled
Type: REG_DWORD
Value: 0

After modifying the registry, restart the computer, and then CMD runs “netstat -an | findstr 445” to see if port 445 is closed.

Configuring the firewall

This method is not to close its own port 445, but to block the external access to the local port 445.

Firewall Advanced Settings—Inbound Rules—Right-click New Rule—Select UDP in the dialog box, and write the port number 445—block the link.

The new rules are as follows:

Close the server service

Open cmd as an administrator and run

1
net stop server

The configuration needs to be re-enabled, because the shared service needs to enable the server, so the shared service (445 port service) cannot be used when the server service is shut down.

NIC settings

Forbidding Windows sharing

Uninstall the two components in the figure below. The purpose of this operation is to disable port 445.

Prohibition of netbios service

The purpose of this operation is to disable ports 137, 139 and shut down the netbios service.

The above 2 steps need to restart the computer to take effect.

Modify local group policy

Run the input gpedit.msc to open the local Group Policy Editor, Computer Configuration - Windows Settings - Security Settings - IP Security Policy, on the local computer. Although it is cumbersome to modify the local group policy method, this method is recommended.
Specific operations can refer to: https://jingyan.baidu.com/article/d621e8da0abd192865913f1f.html

本文标题:windows closes port 445

文章作者:nmask

发布时间:2017年05月13日 - 09:05

最后更新:2019年08月16日 - 15:08

原始链接:https://thief.one/2017/05/13/02/en/

许可协议: 署名-非商业性使用-禁止演绎 4.0 国际 转载请保留原文链接及作者。

nmask wechat
欢迎您扫一扫上面的微信公众号,订阅我的博客!
坚持原创技术分享,您的支持将鼓励我继续创作!

热门文章推荐: