Security Basics mailing list archives

Re: Basic question about remote registry on Windows

From: Bob Jones <lists () pavlodarproductions com>
Date: Fri, 29 Dec 2006 17:12:36 -0600



Ansgar -59cobalt- Wiechers wrote:

On 2006-12-28 Thomas D. wrote:

Mary asked on Wednesday, December 27, 2006 1:50 AM:

Can anyone tell me which port is the one that windows platform uses
for remote registry connection?

It should be 'microsoft-ds' (NetBios, 445).


445/tcp is DirectSMB, not NetBIOS.

Regards
Ansgar Wiechers


In linux:
# cat /etc/services | grep 445 | grep microsoft
microsoft-ds    445/tcp
microsoft-ds    445/udp

# cat /etc/services | grep netbios
netbios-ns      137/tcp                    # NETBIOS Name Service
netbios-ns      137/udp
netbios-dgm     138/tcp                    # NETBIOS Datagram Service
netbios-dgm     138/udp
netbios-ssn     139/tcp                    # NETBIOS session service
netbios-ssn     139/udp

So, I suspect he got his info from a *NIX /etc/services file which inturn is a scaled down version ofhttp://www.iana.org/assignments/port-numbers

which is the master list of port assignments.

As an experiment, I used an XPProSP2 box with firewall set to allownothing and tried to connect to its registry from a 2003 server on thesame network. Fiddling with the 'file and print sharing' I found Icould connect to the registry remotely with *only* port 445/tcp open.



Bob Jones

Current thread:

RE: Basic question about remote registry on Windows tima soni (Jan 02)
- <Possible follow-ups>
- Re: Basic question about remote registry on Windows Bob Jones (Jan 02)
- Re: Re: Basic question about remote registry on Windows aanjibalu (Jan 02)
  - Re: Re: Basic question about remote registry on Windows Ansgar -59cobalt- Wiechers (Jan 02)