Due to my total stupidity it has taken me a while to figure out what was
happening here, but I eventually clicked. I thought it was something to
do with the firewall being misconfigured, but it isn't really.

And the Windows Firewall has an exception for "File and Printer
Sharing". By default this is set up to listen on the local subnet only.
As you can see, the NetBIOS ports (137-139) are only listening on the
local subnet, which is fine, but the SMB port, 445, is listening on the
0.0.0.0 subnet, which is not desirable.

I, eventually, after buggering about for far too long, just changed the
scope for port 445 in the firewall to "All networks" (or whatever it is)
which now lets me in via SMB. For obvious security reasons I would
prefer to change the listening app to listen on the local subnet ONLY.
I'm currently using a wireless adapter, so I'm not overly happy with all
and sundry being able to access 445.

Of course, the WiFi connection is encrypted with WPA2/AES and is behind
a router firewall, but still... sometimes it isn't as I move around.

Uncle Kenny wrote:
> Hi,
>
> Due to my total stupidity it has taken me a while to figure out what was
> happening here, but I eventually clicked. I thought it was something to
> do with the firewall being misconfigured, but it isn't really.
>
> From netstat:
>
> Proto  Local Address        Foreign Address      State
> TCP    0.0.0.0:23           0.0.0.0:0            LISTENING
> TCP    0.0.0.0:135          0.0.0.0:0            LISTENING
> TCP    0.0.0.0:445          0.0.0.0:0            LISTENING
> TCP    0.0.0.0:1026         0.0.0.0:0            LISTENING
> TCP    0.0.0.0:1723         0.0.0.0:0            LISTENING
> TCP    0.0.0.0:1801         0.0.0.0:0            LISTENING
> TCP    0.0.0.0:2103         0.0.0.0:0            LISTENING
> TCP    0.0.0.0:2105         0.0.0.0:0            LISTENING
> TCP    0.0.0.0:2107         0.0.0.0:0            LISTENING
> TCP    0.0.0.0:2869         0.0.0.0:0            LISTENING
> TCP    0.0.0.0:3389         0.0.0.0:0            LISTENING
> TCP    127.0.0.1:1031       0.0.0.0:0            LISTENING
> TCP    127.0.0.1:1074       0.0.0.0:0            LISTENING
> TCP    192.168.0.12:23      192.168.0.1:48013    ESTABLISHED
> TCP    192.168.0.12:139     0.0.0.0:0            LISTENING
> TCP    192.168.0.12:3389    192.168.0.1:47402    ESTABLISHED
> TCP    192.168.0.12:3525    192.168.0.6:445      ESTABLISHED
> TCP    [::]:23              [::]:0               LISTENING 0
> TCP    [::]:135             [::]:0               LISTENING 0
> TCP    [::]:1026            [::]:0               LISTENING 0
> TCP    [::]:2103            [::]:0               LISTENING 0
> TCP    [::]:2105            [::]:0               LISTENING 0
> TCP    [::]:2107            [::]:0               LISTENING 0
> TCP    [::]:2869            [::]:0               LISTENING 0
> UDP    0.0.0.0:161          *:*
> UDP    0.0.0.0:445          *:*
> UDP    0.0.0.0:500          *:*
> UDP    0.0.0.0:1025         *:*
> UDP    0.0.0.0:1032         *:*
> UDP    0.0.0.0:1038         *:*
> UDP    0.0.0.0:1144         *:*
> UDP    0.0.0.0:1601         *:*
> UDP    0.0.0.0:1701         *:*
> UDP    0.0.0.0:3320         *:*
> UDP    0.0.0.0:3527         *:*
> UDP    0.0.0.0:4500         *:*
> UDP    127.0.0.1:123        *:*
> UDP    127.0.0.1:1033       *:*
> UDP    127.0.0.1:1036       *:*
> UDP    127.0.0.1:1037       *:*
> UDP    127.0.0.1:1900       *:*
> UDP    127.0.0.1:3514       *:*
> UDP    192.168.0.12:123     *:*
> UDP    192.168.0.12:137     *:*
> UDP    192.168.0.12:138     *:*
> UDP    192.168.0.12:520     *:*
> UDP    192.168.0.12:1900    *:*
>
>
> And the Windows Firewall has an exception for "File and Printer
> Sharing". By default this is set up to listen on the local subnet only.
> As you can see, the NetBIOS ports (137-139) are only listening on the
> local subnet, which is fine, but the SMB port, 445, is listening on the
> 0.0.0.0 subnet, which is not desirable.
>
> I, eventually, after buggering about for far too long, just changed the
> scope for port 445 in the firewall to "All networks" (or whatever it is)
> which now lets me in via SMB. For obvious security reasons I would
> prefer to change the listening app to listen on the local subnet ONLY.
> I'm currently using a wireless adapter, so I'm not overly happy with all
> and sundry being able to access 445.
>
> Of course, the WiFi connection is encrypted with WPA2/AES and is behind
> a router firewall, but still... sometimes it isn't as I move around.
>
> Googled, but no help.
>
> TIA,
> Ken.
Hmm, actually. With the open port set to local subnet, and the app
listening on 0.0.0.0, the connection should be established anyway
shouldn't it?
Changing the scope to 0.0.0.0 works though... :-s
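
An added example, not part of the thread: it separates the two things the posts above compare, the local address a service is bound to in netstat and the firewall scope, which is matched against the remote address. The sample rows are constructed in the shape of the quoted netstat output; the function names, the scope labels, the /24 mask and the 10.0.0.5 address used in checks are assumptions of this sketch.

```python
import ipaddress

# Constructed sample: rows in the shape of the netstat output quoted in the thread.
SAMPLE = """\
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
TCP 192.168.0.12:139 0.0.0.0:0 LISTENING
TCP 192.168.0.12:3389 192.168.0.1:47402 ESTABLISHED
TCP [::]:135 [::]:0 LISTENING 0
UDP 192.168.0.12:137 *:*
"""

def bind_class(endpoint):
    """Classify the local address of an 'addr:port' endpoint; return (class, port)."""
    host, _, port = endpoint.rpartition(":")
    ip = ipaddress.ip_address(host.strip("[]"))
    if ip.is_unspecified:          # 0.0.0.0 or [::]
        kind = "all-interfaces"
    elif ip.is_loopback:
        kind = "loopback"
    else:
        kind = "single-address"
    return kind, int(port)

def listeners(text):
    """Return (proto, port, bind class) for listening TCP rows and every UDP row."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        if fields[0] == "TCP" and fields[3:4] != ["LISTENING"]:
            continue               # skip ESTABLISHED and other connection rows
        kind, port = bind_class(fields[1])
        found.append((fields[0], port, kind))
    return found

def scope_allows(remote, scope, local_net):
    """Model of a firewall scope: it is matched against the REMOTE address.
    'any' and 'localsubnet' are labels chosen for this sketch; local_net is assumed."""
    if scope == "any":
        return True
    if scope == "localsubnet":
        return ipaddress.ip_address(remote) in ipaddress.ip_network(local_net)
    raise ValueError(f"unknown scope: {scope}")

if __name__ == "__main__":
    for row in listeners(SAMPLE):
        print(row)
    print(scope_allows("192.168.0.1", "localsubnet", "192.168.0.0/24"))
```

In this model a listener bound to 0.0.0.0:445 is still unreachable from 10.0.0.5 under a local-subnet scope, because the scope test never looks at the bind address. The `local_net` argument stands for whatever subnet the adapter is currently on, so the same scope covers a different set of hosts on each network the machine joins.
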
Oh, and the stupid machine won't respond to its NetBIOS name either. It
appears in the workgroup, but only responds to its IP address.