Windows XP port 445 listening on wrong subnet

Uncle Kenny · Mar 21, 2008

Hi,

Due to my total stupidity it has taken me a while to figure out what was
happening here, but I eventually click. I thought it was something to
do with the firewall being misconfigured, but it isn't really.

From netstat:

Proto Local Address Foreign Address State
TCP 0.0.0.0:23 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1074 0.0.0.0:0 LISTENING
TCP 192.168.0.12:23 192.168.0.1:48013 ESTABLISHED
TCP 192.168.0.12:139 0.0.0.0:0 LISTENING
TCP 192.168.0.12:3389 192.168.0.1:47402 ESTABLISHED
TCP 192.168.0.12:3525 192.168.0.6:445 ESTABLISHED
TCP [::]:23 [::]:0 LISTENING 0
TCP [::]:135 [::]:0 LISTENING 0
TCP [::]:1026 [::]:0 LISTENING 0
TCP [::]:2103 [::]:0 LISTENING 0
TCP [::]:2105 [::]:0 LISTENING 0
TCP [::]:2107 [::]:0 LISTENING 0
TCP [::]:2869 [::]:0 LISTENING 0
UDP 0.0.0.0:161 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1025 *:*
UDP 0.0.0.0:1032 *:*
UDP 0.0.0.0:1038 *:*
UDP 0.0.0.0:1144 *:*
UDP 0.0.0.0:1601 *:*
UDP 0.0.0.0:1701 *:*
UDP 0.0.0.0:3320 *:*
UDP 0.0.0.0:3527 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1033 *:*
UDP 127.0.0.1:1036 *:*
UDP 127.0.0.1:1037 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:3514 *:*
UDP 192.168.0.12:123 *:*
UDP 192.168.0.12:137 *:*
UDP 192.168.0.12:138 *:*
UDP 192.168.0.12:520 *:*
UDP 192.168.0.12:1900 *:*

And the Windows Firewall has an exception for "File and Printer
Sharing". By default this is set up to listen on the local subnet only.
As you can see, the NetBIOS ports (137-139) are only listening on the
local subnet, which is fine, but the SMB port, 445, is listening on the
0.0.0.0 subnet, which is not desirable.

I, eventually, after buggering about for far too long, just changed the
scope for port 445 in the firewall to "All networks" (or whatever it is)
which now lets me in via SMB. For obvious security reasons I would
prefer to change the listening app to listen on the local subnet ONLY.
I'm currently using a wireless adapter, so I'm not overly happy with all
and sundry being able to access 445.

Of course, the WiFi connection is encrypted with WPA2/AES and is behind
a router firewall, but still... sometimes it isn't as I move around.

Googled, but no help.

TIA,
Ken.

Uncle Kenny · Mar 21, 2008

Uncle said:
Hi,

Due to my total stupidity it has taken me a while to figure out what was
happening here, but I eventually click. I thought it was something to
do with the firewall being misconfigured, but it isn't really.

From netstat:

Proto Local Address Foreign Address State
TCP 0.0.0.0:23 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1074 0.0.0.0:0 LISTENING
TCP 192.168.0.12:23 192.168.0.1:48013 ESTABLISHED
TCP 192.168.0.12:139 0.0.0.0:0 LISTENING
TCP 192.168.0.12:3389 192.168.0.1:47402 ESTABLISHED
TCP 192.168.0.12:3525 192.168.0.6:445 ESTABLISHED
TCP [::]:23 [::]:0 LISTENING 0
TCP [::]:135 [::]:0 LISTENING 0
TCP [::]:1026 [::]:0 LISTENING 0
TCP [::]:2103 [::]:0 LISTENING 0
TCP [::]:2105 [::]:0 LISTENING 0
TCP [::]:2107 [::]:0 LISTENING 0
TCP [::]:2869 [::]:0 LISTENING 0
UDP 0.0.0.0:161 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1025 *:*
UDP 0.0.0.0:1032 *:*
UDP 0.0.0.0:1038 *:*
UDP 0.0.0.0:1144 *:*
UDP 0.0.0.0:1601 *:*
UDP 0.0.0.0:1701 *:*
UDP 0.0.0.0:3320 *:*
UDP 0.0.0.0:3527 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1033 *:*
UDP 127.0.0.1:1036 *:*
UDP 127.0.0.1:1037 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:3514 *:*
UDP 192.168.0.12:123 *:*
UDP 192.168.0.12:137 *:*
UDP 192.168.0.12:138 *:*
UDP 192.168.0.12:520 *:*
UDP 192.168.0.12:1900 *:*

And the Windows Firewall has an exception for "File and Printer
Sharing". By default this is set up to listen on the local subnet only.
As you can see, the NetBIOS ports (137-139) are only listening on the
local subnet, which is fine, but the SMB port, 445, is listening on the
0.0.0.0 subnet, which is not desirable.

I, eventually, after buggering about for far too long, just changed the
scope for port 445 in the firewall to "All networks" (or whatever it is)
which now lets me in via SMB. For obvious security reasons I would
prefer to change the listening app to listen on the local subnet ONLY.
I'm currently using a wireless adapter, so I'm not overly happy with all
and sundry being able to access 445.

Of course, the WiFi connection is encrypted with WPA2/AES and is behind
a router firewall, but still... sometimes it isn't as I move around.

Googled, but no help.

TIA,
Ken.

Hmm, actually. With the open port set to local subnet, and the app
listening on 0.0.0.0, the connection should be established anyway
shouldn't it?
Changing the scope to 0.0.0.0 works though... :-s

Uncle Kenny · Mar 21, 2008

: Uncle Kenny wrote:
: > Hi,
: >
: > Due to my total stupidity it has taken me a while to figure out what was
: > happening here, but I eventually click. I thought it was something to
: > do with the firewall being misconfigured, but it isn't really.
: >
: > From netstat:
: >
: > Proto Local Address Foreign Address State
: > TCP 0.0.0.0:23 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
: > TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
: > TCP 127.0.0.1:1074 0.0.0.0:0 LISTENING
: > TCP 192.168.0.12:23 192.168.0.1:48013 ESTABLISHED
: > TCP 192.168.0.12:139 0.0.0.0:0 LISTENING
: > TCP 192.168.0.12:3389 192.168.0.1:47402 ESTABLISHED
: > TCP 192.168.0.12:3525 192.168.0.6:445 ESTABLISHED
: > TCP [::]:23 [::]:0 LISTENING 0
: > TCP [::]:135 [::]:0 LISTENING 0
: > TCP [::]:1026 [::]:0 LISTENING 0
: > TCP [::]:2103 [::]:0 LISTENING 0
: > TCP [::]:2105 [::]:0 LISTENING 0
: > TCP [::]:2107 [::]:0 LISTENING 0
: > TCP [::]:2869 [::]:0 LISTENING 0
: > UDP 0.0.0.0:161 *:*
: > UDP 0.0.0.0:445 *:*
: > UDP 0.0.0.0:500 *:*
: > UDP 0.0.0.0:1025 *:*
: > UDP 0.0.0.0:1032 *:*
: > UDP 0.0.0.0:1038 *:*
: > UDP 0.0.0.0:1144 *:*
: > UDP 0.0.0.0:1601 *:*
: > UDP 0.0.0.0:1701 *:*
: > UDP 0.0.0.0:3320 *:*
: > UDP 0.0.0.0:3527 *:*
: > UDP 0.0.0.0:4500 *:*
: > UDP 127.0.0.1:123 *:*
: > UDP 127.0.0.1:1033 *:*
: > UDP 127.0.0.1:1036 *:*
: > UDP 127.0.0.1:1037 *:*
: > UDP 127.0.0.1:1900 *:*
: > UDP 127.0.0.1:3514 *:*
: > UDP 192.168.0.12:123 *:*
: > UDP 192.168.0.12:137 *:*
: > UDP 192.168.0.12:138 *:*
: > UDP 192.168.0.12:520 *:*
: > UDP 192.168.0.12:1900 *:*
: >
: >
: > And the Windows Firewall has an exception for "File and Printer
: > Sharing". By default this is set up to listen on the local subnet only.
: > As you can see, the NetBIOS ports (137-139) are only listening on the
: > local subnet, which is fine, but the SMB port, 445, is listening on the
: > 0.0.0.0 subnet, which is not desirable.
: >
: > I, eventually, after buggering about for far too long, just changed the
: > scope for port 445 in the firewall to "All networks" (or whatever it is)
: > which now lets me in via SMB. For obvious security reasons I would
: > prefer to change the listening app to listen on the local subnet ONLY.
: > I'm currently using a wireless adapter, so I'm not overly happy with all
: > and sundry being able to access 445.
: >
: > Of course, the WiFi connection is encrypted with WPA2/AES and is behind
: > a router firewall, but still... sometimes it isn't as I move around.
: >
: > Googled, but no help.
: >
: > TIA,
: > Ken.
:
:
:
:
: Hmm, actually. With the open port set to local subnet, and the app
: listening on 0.0.0.0, the connection should be established anyway
: shouldn't it?
: Changing the scope to 0.0.0.0 works though... :-s

Oh, and the stupid machine won't respond to its NetBIOS name either. It
appears in the workgroup, but only responds to its IP address.

Woe is me. I'll get the swine figured out yet!

Help would be nice though ;-)

Uncle Kenny · Mar 24, 2008

Nobody knows then?

Uncle said:
Uncle said:

Hi,

Due to my total stupidity it has taken me a while to figure out what
was happening here, but I eventually click. I thought it was
something to do with the firewall being misconfigured, but it isn't
really.

From netstat:

Proto Local Address Foreign Address State
TCP 0.0.0.0:23 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1074 0.0.0.0:0 LISTENING
TCP 192.168.0.12:23 192.168.0.1:48013 ESTABLISHED
TCP 192.168.0.12:139 0.0.0.0:0 LISTENING
TCP 192.168.0.12:3389 192.168.0.1:47402 ESTABLISHED
TCP 192.168.0.12:3525 192.168.0.6:445 ESTABLISHED
TCP [::]:23 [::]:0 LISTENING 0
TCP [::]:135 [::]:0 LISTENING 0
TCP [::]:1026 [::]:0 LISTENING 0
TCP [::]:2103 [::]:0 LISTENING 0
TCP [::]:2105 [::]:0 LISTENING 0
TCP [::]:2107 [::]:0 LISTENING 0
TCP [::]:2869 [::]:0 LISTENING 0
UDP 0.0.0.0:161 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1025 *:*
UDP 0.0.0.0:1032 *:*
UDP 0.0.0.0:1038 *:*
UDP 0.0.0.0:1144 *:*
UDP 0.0.0.0:1601 *:*
UDP 0.0.0.0:1701 *:*
UDP 0.0.0.0:3320 *:*
UDP 0.0.0.0:3527 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1033 *:*
UDP 127.0.0.1:1036 *:*
UDP 127.0.0.1:1037 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:3514 *:*
UDP 192.168.0.12:123 *:*
UDP 192.168.0.12:137 *:*
UDP 192.168.0.12:138 *:*
UDP 192.168.0.12:520 *:*
UDP 192.168.0.12:1900 *:*

And the Windows Firewall has an exception for "File and Printer
Sharing". By default this is set up to listen on the local subnet only.
As you can see, the NetBIOS ports (137-139) are only listening on the
local subnet, which is fine, but the SMB port, 445, is listening on
the 0.0.0.0 subnet, which is not desirable.

I, eventually, after buggering about for far too long, just changed
the scope for port 445 in the firewall to "All networks" (or whatever
it is) which now lets me in via SMB. For obvious security reasons I
would prefer to change the listening app to listen on the local subnet
ONLY. I'm currently using a wireless adapter, so I'm not overly happy
with all and sundry being able to access 445.

Of course, the WiFi connection is encrypted with WPA2/AES and is
behind a router firewall, but still... sometimes it isn't as I move
around.

Googled, but no help.

TIA,
Ken.

Click to expand...

Hmm, actually. With the open port set to local subnet, and the app
listening on 0.0.0.0, the connection should be established anyway
shouldn't it?
Changing the scope to 0.0.0.0 works though... :-s

Remote Desktop not working	1	Nov 17, 2006
No process listening on port 445	2	Mar 2, 2009
Remote Desktop Protocol Error between XP pro PC and NT Server 4.0	4	Jun 18, 2008
Does anyone know what this is?	1	May 17, 2007
Firewall Log	1	Nov 10, 2007
Dial-up ICS settings = Configuration Problems	2	Feb 19, 2005
Fax service opening Port 1024	2	Apr 6, 2004
XP Pro cannot accept VPN, Remote Desktop connections	2	Jul 8, 2005

Windows XP port 445 listening on wrong subnet

Uncle Kenny

Uncle Kenny

Uncle Kenny

Uncle Kenny

Ask a Question

Similar Threads