Windows 10: BLOCK Outbound SMB Port 445 to Access Internet based shared and Allow SMB Port 445 to...

HI,I want to know how i can BLOCK Outbound SMB Port 445 to Access Internet based shared and Allow SMB Port 445 to access Local Network Shares from the Windows Firewall Rules in Windows 10.Can anyone help me on this?ThanksMuja

:)

 

SMB without port 445

I have a samba share, and the network my devices are on blocks communication over port 445 (the standard SMB TCP port). Linux devices and Macs can connect to this device because they can communicate with the server using port 139 (NBT over IP), which is not blocked Windows devices, however, seem to insist they communicate over port 445.

Is there any way for me to tell Windows 10 to use port 139 without relying on port 445?

 

SMB without port 445

Sounds like you are using naked SMB (CIFS) over public networks -- not good. At least use VPN tunneling to add security. That also solves the blocked port 445 as every port is encrypted and hidden inside the VPN tunnel. Run a VPN server program on the machine with the share. Run VPN client software to connect to the share-VPN Server machine.

If you want to avoid the technical and its only a few easily anticipated files -- store them in DropBox or similar online storage using HTTPS web interface.

HTTPS file transfers and many other better protocols exist to cross the internet. WebDAV has more or less turnkey HTTPS file server solutions.

Yes SMBv3 uses only port 445 (UDP/TCP) on Windows (and I think the latest SAMBA). Port 445 is blocked because despite many security improvements to version 3 of the SMB protocol. SMBv3 is still quite vulnerable to malware infections or data theft when exposed to anonymous users on Internet or LANs not secured from the public.

Worse the use of Ports 137, 138, and 139 are mostly linked to older versions of SMB.

Even on supposedly secure LANs, SMBv1 should be disabled if its possible to use SMBv2 or higher. SMBv3 is strongly preferred over SMBv2. Older SMB versions can be a fast way to spread problems from any infected computer across all LAN connected machines. Effectively a BIG Hole in the onboard firewalls.

P.S.
Yup it will use CPU power to encrypt data in a VPN so you need a little extra CPU room while files are being exchanged. Not really an issue if editing small files by hand. But mass data exchange for large file transfers or database access could be an issue on machines already near acceptable performance limits. If practical separate work into downloading a local copy first then operating on local copy before transferring the altered files back to the share.

As a rule of thumb a dedicated Pentium D with 2GB of RAM can push 10-15Mbps/sec continuously through a VPN. that is old 2005-2006 tech.

Any i3 gen4+ CPU or any i5 or i7 except Generation 1 CPU have special AES encryption hardware that will let them do VPN encryption literally 100 times faster. So plenty of power to do other tasks while doing VPN. File transfer speed will not be slowed by CPU considerations.

 

Windows 10 using port 445

I am attempting to setup an SMB server using a third party software, but it says that port 445 is already in use. I ran "netstat -abo" and it says "Can not obtain ownership information". It also reads that a process with id of 4 is listening on it. This
process is labeled as 'System' in task manager, so I obviously can't end it. How do I free up this port and use it with a different app? Any help appreciated.