Windows XP port 445 listening on wrong subnet


U

Uncle Kenny

Hi,

Due to my total stupidity it has taken me a while to figure out what was
happening here, but I eventually click. I thought it was something to
do with the firewall being misconfigured, but it isn't really.

From netstat:

Proto Local Address Foreign Address State
TCP 0.0.0.0:23 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1074 0.0.0.0:0 LISTENING
TCP 192.168.0.12:23 192.168.0.1:48013 ESTABLISHED
TCP 192.168.0.12:139 0.0.0.0:0 LISTENING
TCP 192.168.0.12:3389 192.168.0.1:47402 ESTABLISHED
TCP 192.168.0.12:3525 192.168.0.6:445 ESTABLISHED
TCP [::]:23 [::]:0 LISTENING 0
TCP [::]:135 [::]:0 LISTENING 0
TCP [::]:1026 [::]:0 LISTENING 0
TCP [::]:2103 [::]:0 LISTENING 0
TCP [::]:2105 [::]:0 LISTENING 0
TCP [::]:2107 [::]:0 LISTENING 0
TCP [::]:2869 [::]:0 LISTENING 0
UDP 0.0.0.0:161 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1025 *:*
UDP 0.0.0.0:1032 *:*
UDP 0.0.0.0:1038 *:*
UDP 0.0.0.0:1144 *:*
UDP 0.0.0.0:1601 *:*
UDP 0.0.0.0:1701 *:*
UDP 0.0.0.0:3320 *:*
UDP 0.0.0.0:3527 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1033 *:*
UDP 127.0.0.1:1036 *:*
UDP 127.0.0.1:1037 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:3514 *:*
UDP 192.168.0.12:123 *:*
UDP 192.168.0.12:137 *:*
UDP 192.168.0.12:138 *:*
UDP 192.168.0.12:520 *:*
UDP 192.168.0.12:1900 *:*


And the Windows Firewall has an exception for "File and Printer
Sharing". By default this is set up to listen on the local subnet only.
As you can see, the NetBIOS ports (137-139) are only listening on the
local subnet, which is fine, but the SMB port, 445, is listening on the
0.0.0.0 subnet, which is not desirable.

I, eventually, after buggering about for far too long, just changed the
scope for port 445 in the firewall to "All networks" (or whatever it is)
which now lets me in via SMB. For obvious security reasons I would
prefer to change the listening app to listen on the local subnet ONLY.
I'm currently using a wireless adapter, so I'm not overly happy with all
and sundry being able to access 445.

Of course, the WiFi connection is encrypted with WPA2/AES and is behind
a router firewall, but still... sometimes it isn't as I move around.

Googled, but no help.

TIA,
Ken.
 
Ad

Advertisements

U

Uncle Kenny

Uncle said:
Hi,

Due to my total stupidity it has taken me a while to figure out what was
happening here, but I eventually click. I thought it was something to
do with the firewall being misconfigured, but it isn't really.

From netstat:

Proto Local Address Foreign Address State
TCP 0.0.0.0:23 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1074 0.0.0.0:0 LISTENING
TCP 192.168.0.12:23 192.168.0.1:48013 ESTABLISHED
TCP 192.168.0.12:139 0.0.0.0:0 LISTENING
TCP 192.168.0.12:3389 192.168.0.1:47402 ESTABLISHED
TCP 192.168.0.12:3525 192.168.0.6:445 ESTABLISHED
TCP [::]:23 [::]:0 LISTENING 0
TCP [::]:135 [::]:0 LISTENING 0
TCP [::]:1026 [::]:0 LISTENING 0
TCP [::]:2103 [::]:0 LISTENING 0
TCP [::]:2105 [::]:0 LISTENING 0
TCP [::]:2107 [::]:0 LISTENING 0
TCP [::]:2869 [::]:0 LISTENING 0
UDP 0.0.0.0:161 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1025 *:*
UDP 0.0.0.0:1032 *:*
UDP 0.0.0.0:1038 *:*
UDP 0.0.0.0:1144 *:*
UDP 0.0.0.0:1601 *:*
UDP 0.0.0.0:1701 *:*
UDP 0.0.0.0:3320 *:*
UDP 0.0.0.0:3527 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1033 *:*
UDP 127.0.0.1:1036 *:*
UDP 127.0.0.1:1037 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:3514 *:*
UDP 192.168.0.12:123 *:*
UDP 192.168.0.12:137 *:*
UDP 192.168.0.12:138 *:*
UDP 192.168.0.12:520 *:*
UDP 192.168.0.12:1900 *:*


And the Windows Firewall has an exception for "File and Printer
Sharing". By default this is set up to listen on the local subnet only.
As you can see, the NetBIOS ports (137-139) are only listening on the
local subnet, which is fine, but the SMB port, 445, is listening on the
0.0.0.0 subnet, which is not desirable.

I, eventually, after buggering about for far too long, just changed the
scope for port 445 in the firewall to "All networks" (or whatever it is)
which now lets me in via SMB. For obvious security reasons I would
prefer to change the listening app to listen on the local subnet ONLY.
I'm currently using a wireless adapter, so I'm not overly happy with all
and sundry being able to access 445.

Of course, the WiFi connection is encrypted with WPA2/AES and is behind
a router firewall, but still... sometimes it isn't as I move around.

Googled, but no help.

TIA,
Ken.




Hmm, actually. With the open port set to local subnet, and the app
listening on 0.0.0.0, the connection should be established anyway
shouldn't it?
Changing the scope to 0.0.0.0 works though... :-s
 
U

Uncle Kenny

: Uncle Kenny wrote:
: > Hi,
: >
: > Due to my total stupidity it has taken me a while to figure out what was
: > happening here, but I eventually click. I thought it was something to
: > do with the firewall being misconfigured, but it isn't really.
: >
: > From netstat:
: >
: > Proto Local Address Foreign Address State
: > TCP 0.0.0.0:23 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
: > TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
: > TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
: > TCP 127.0.0.1:1074 0.0.0.0:0 LISTENING
: > TCP 192.168.0.12:23 192.168.0.1:48013 ESTABLISHED
: > TCP 192.168.0.12:139 0.0.0.0:0 LISTENING
: > TCP 192.168.0.12:3389 192.168.0.1:47402 ESTABLISHED
: > TCP 192.168.0.12:3525 192.168.0.6:445 ESTABLISHED
: > TCP [::]:23 [::]:0 LISTENING 0
: > TCP [::]:135 [::]:0 LISTENING 0
: > TCP [::]:1026 [::]:0 LISTENING 0
: > TCP [::]:2103 [::]:0 LISTENING 0
: > TCP [::]:2105 [::]:0 LISTENING 0
: > TCP [::]:2107 [::]:0 LISTENING 0
: > TCP [::]:2869 [::]:0 LISTENING 0
: > UDP 0.0.0.0:161 *:*
: > UDP 0.0.0.0:445 *:*
: > UDP 0.0.0.0:500 *:*
: > UDP 0.0.0.0:1025 *:*
: > UDP 0.0.0.0:1032 *:*
: > UDP 0.0.0.0:1038 *:*
: > UDP 0.0.0.0:1144 *:*
: > UDP 0.0.0.0:1601 *:*
: > UDP 0.0.0.0:1701 *:*
: > UDP 0.0.0.0:3320 *:*
: > UDP 0.0.0.0:3527 *:*
: > UDP 0.0.0.0:4500 *:*
: > UDP 127.0.0.1:123 *:*
: > UDP 127.0.0.1:1033 *:*
: > UDP 127.0.0.1:1036 *:*
: > UDP 127.0.0.1:1037 *:*
: > UDP 127.0.0.1:1900 *:*
: > UDP 127.0.0.1:3514 *:*
: > UDP 192.168.0.12:123 *:*
: > UDP 192.168.0.12:137 *:*
: > UDP 192.168.0.12:138 *:*
: > UDP 192.168.0.12:520 *:*
: > UDP 192.168.0.12:1900 *:*
: >
: >
: > And the Windows Firewall has an exception for "File and Printer
: > Sharing". By default this is set up to listen on the local subnet only.
: > As you can see, the NetBIOS ports (137-139) are only listening on the
: > local subnet, which is fine, but the SMB port, 445, is listening on the
: > 0.0.0.0 subnet, which is not desirable.
: >
: > I, eventually, after buggering about for far too long, just changed the
: > scope for port 445 in the firewall to "All networks" (or whatever it is)
: > which now lets me in via SMB. For obvious security reasons I would
: > prefer to change the listening app to listen on the local subnet ONLY.
: > I'm currently using a wireless adapter, so I'm not overly happy with all
: > and sundry being able to access 445.
: >
: > Of course, the WiFi connection is encrypted with WPA2/AES and is behind
: > a router firewall, but still... sometimes it isn't as I move around.
: >
: > Googled, but no help.
: >
: > TIA,
: > Ken.
:
:
:
:
: Hmm, actually. With the open port set to local subnet, and the app
: listening on 0.0.0.0, the connection should be established anyway
: shouldn't it?
: Changing the scope to 0.0.0.0 works though... :-s


Oh, and the stupid machine won't respond to its NetBIOS name either. It
appears in the workgroup, but only responds to its IP address.

Woe is me. I'll get the swine figured out yet!

Help would be nice though ;-)
 
Ad

Advertisements

U

Uncle Kenny

Nobody knows then?

Uncle said:
Uncle said:
Hi,

Due to my total stupidity it has taken me a while to figure out what
was happening here, but I eventually click. I thought it was
something to do with the firewall being misconfigured, but it isn't
really.

From netstat:

Proto Local Address Foreign Address State
TCP 0.0.0.0:23 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1074 0.0.0.0:0 LISTENING
TCP 192.168.0.12:23 192.168.0.1:48013 ESTABLISHED
TCP 192.168.0.12:139 0.0.0.0:0 LISTENING
TCP 192.168.0.12:3389 192.168.0.1:47402 ESTABLISHED
TCP 192.168.0.12:3525 192.168.0.6:445 ESTABLISHED
TCP [::]:23 [::]:0 LISTENING 0
TCP [::]:135 [::]:0 LISTENING 0
TCP [::]:1026 [::]:0 LISTENING 0
TCP [::]:2103 [::]:0 LISTENING 0
TCP [::]:2105 [::]:0 LISTENING 0
TCP [::]:2107 [::]:0 LISTENING 0
TCP [::]:2869 [::]:0 LISTENING 0
UDP 0.0.0.0:161 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1025 *:*
UDP 0.0.0.0:1032 *:*
UDP 0.0.0.0:1038 *:*
UDP 0.0.0.0:1144 *:*
UDP 0.0.0.0:1601 *:*
UDP 0.0.0.0:1701 *:*
UDP 0.0.0.0:3320 *:*
UDP 0.0.0.0:3527 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1033 *:*
UDP 127.0.0.1:1036 *:*
UDP 127.0.0.1:1037 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:3514 *:*
UDP 192.168.0.12:123 *:*
UDP 192.168.0.12:137 *:*
UDP 192.168.0.12:138 *:*
UDP 192.168.0.12:520 *:*
UDP 192.168.0.12:1900 *:*


And the Windows Firewall has an exception for "File and Printer
Sharing". By default this is set up to listen on the local subnet only.
As you can see, the NetBIOS ports (137-139) are only listening on the
local subnet, which is fine, but the SMB port, 445, is listening on
the 0.0.0.0 subnet, which is not desirable.

I, eventually, after buggering about for far too long, just changed
the scope for port 445 in the firewall to "All networks" (or whatever
it is) which now lets me in via SMB. For obvious security reasons I
would prefer to change the listening app to listen on the local subnet
ONLY. I'm currently using a wireless adapter, so I'm not overly happy
with all and sundry being able to access 445.

Of course, the WiFi connection is encrypted with WPA2/AES and is
behind a router firewall, but still... sometimes it isn't as I move
around.

Googled, but no help.

TIA,
Ken.




Hmm, actually. With the open port set to local subnet, and the app
listening on 0.0.0.0, the connection should be established anyway
shouldn't it?
Changing the scope to 0.0.0.0 works though... :-s
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top