Why would a virus add a deny rule for port 139 and 445 to


Hi All. I have an oddity here: we had a virus infection of some servers at our DR site, a very persistent one! It kept returning. The oddity is that it added some rules to the Windows Firewall. Along with disabling the AV, it added a TCP allow ALL, then added Deny TCP 139 and Deny TCP 445. Anybody got any ideas why it would do that?

Mar 10, 2020 · SMB ports: TCP 445, 139. It is unlikely that any SMB communication originating from the internet or destined for the internet is legitimate. The primary case

In Windows NT, SMB ran on top of NetBT (NetBIOS over TCP/IP, ports 137, 139 and 138/udp). In Windows 2K/XP, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NetBT. For this it uses TCP port 445. Port 445 should be blocked at the firewall level.

Testing file open performance across a WAN vs LAN. I open a 1MB .rtf file. When opening on the LAN, the traffic is on port 445 (CIFS). When opening the same file from the same server across the WAN, the traffic is on port 139 (NETBIOS). My question for all of you protocol gurus: Is there really any

Jun 10, 2020 · Port 445: Used by newer versions of SMB (after Windows 2000) on top of a TCP stack, allowing SMB to communicate over the Internet. This also means you can use IP addresses for SMB services such as file sharing.

How to keep port 139 and 445 secure

While ports 139 and 445 aren't inherently dangerous, there are known issues with exposing these

May 15, 2019 · If the client is an older version of Windows, like Windows 2000, and has NBT enabled, it will always try to connect to the server at both port 139 and 445 simultaneously. If there is a response from port 445, it sends a TCP RST (reset) to port 139, and continues its SMB session to port 445 only.

TCP port 139 is SMB over NETBIOS. NETBIOS is a transport layer protocol designed for use in Windows operating systems over the network. TCP 445 is SMB over IP. This is a newer version where SMB can be consumed normally over IP networks.

Check If Port 137, 138, 139 and 445 Is Open

Ports 139 and 445 are Windows ports.

Port 139 NetBIOS. NetBIOS Session (TCP), Windows File and Printer Sharing. This is one of the most dangerous ports on the Internet. All "File and Printer Sharing" on a Windows machine runs over this port. About 10% of all users on the Internet leave their hard disks exposed on this port.

Port 445 SMB

Jul 13, 2020 · Port 139 is used for Network Basic Input Output System (NetBIOS) name resolution and port 445 is used for Server Message Blocks (SMB). They all serve Windows File and Printer Sharing. In Windows 2000, Microsoft created a new transport for SMB over TCP and UDP on port 445, which replaces the older implementation that was over ports 137, 138

Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445.