Vulnerability Development mailing list archives

RE: SUMMARY: Disabling Port 445 (SMB) Entirely


From: "Jason Coombs" <jasonc () science org>
Date: Fri, 30 Aug 2002 09:35:52 -1000

Andrew,

The following did not exist at the URL you provided. TransportBindName is there, but the SMBDeviceEnabled Registry 
value is not. Where did you find it?

--

SMBDeviceEnabled 
Key: Netbt\Parameters 
Value Type: REG_DWORD—Boolean 
Valid Range: 0, 1 (false, true) 
Default: 1 (true) 

Description: Windows 2000 supports a new network transport known as the 
SMB Device, which is enabled by default. This parameter can be used to 
disable the SMB device for troubleshooting purposes. 

-----Original Message-----
From: Andrew Oman [mailto:Andrew.Oman () predictive com]
Sent: Friday, August 30, 2002 7:22 AM
To: bugtraq () securityfocus com; vuln-dev () securityfocus com
Subject: Re: SUMMARY: Disabling Port 445 (SMB) Entirely


I hope this adds a little bit on one more method of disabling/unbinding 
SMB:
( sorry if the cross-post was not appropriate )

http://www.microsoft.com/ntserver/techresources/commnet/WINS/WINSwp98/WINS11-12.asp

HKLM\System\Controlset001\Services\NetBT\Parameters

Non-Configurable Parameters
The following parameters are created and used internally by the NetBT 
components. They should never be modified using the Registry Editor. They 
are listed here for reference only.

TransportBindName 
Key: Netbt\Parameters
Value Type: REG_SZ - Character string
Valid Range: N/A
Default: \Device\
Description: This parameter is used internally during product development. 
The default value should not be changed.


SMBDeviceEnabled 
Key: Netbt\Parameters 
Value Type: REG_DWORD—Boolean 
Valid Range: 0, 1 (false, true) 
Default: 1 (true) 

Description: Windows 2000 supports a new network transport known as the 
SMB Device, which is enabled by default. This parameter can be used to 
disable the SMB device for troubleshooting purposes. 


Using the SMBDeviceEnabled key removes SMB from binding to 445.

Thanks,

Andrew
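
The following is an added example, not part of either message in this thread: a read-only PowerShell audit that compares the SMBDeviceEnabled value described above with whether the host is actually listening on TCP 445. It assumes a Windows version that provides Get-NetTCPConnection and reads the key through CurrentControlSet; the function name Get-SmbDeviceAudit is hypothetical.

```powershell
# Added example: read-only audit, nothing is modified.
# CurrentControlSet points at the active control set; the post quotes ControlSet001.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
$ValueName = 'SMBDeviceEnabled'

function Get-SmbDeviceAudit {
    # A missing value means the documented default applies: 1 (true).
    $prop = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $present = $null -ne $prop
    $configured = if ($present) { [int]$prop.$ValueName } else { 1 }

    # Assumption: Get-NetTCPConnection is available (Windows 8 / Server 2012 or later).
    $listeners = @(Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
    $listening = $listeners.Count -gt 0

    # Compare the configured state with the observed listener.
    $finding = if ($configured -eq 0 -and $listening) {
        'Value is 0 but TCP 445 is still listening: the setting is not in effect'
    } elseif ($configured -eq 0) {
        'Value is 0 and nothing listens on TCP 445'
    } elseif ($listening) {
        'SMB device enabled (explicitly or by default) and TCP 445 is listening'
    } else {
        'SMB device enabled in the registry but nothing listens on TCP 445'
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        ValuePresent  = $present
        EffectiveData = $configured
        Port445Listen = $listening
        Finding       = $finding
    }
}

Get-SmbDeviceAudit | Format-List
```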


