Jump to content

RTP Detection on port 445

porkchop12
 Share

Recommended Posts

David H. Lipman

David H. Lipman

Posted
Posted

TCP and UDP Ports 135 ~ 139 and 445  are used in Microsoft Networking and NT Shares.  A Scan by MBAM won't find anything because you are being probed for weak sharing and it is best to just Block all access at the Border/Gateway and the probes won't reach the PC with MBAM.

On your Router...

  • Disable acceptance of ICMP Pings
  • Change the Default Router password using a Strong Password
  • Use a Strong WiFi password on WPA2 using AES encryption or Enable WPA3 if it is an option.
  • Disable Remote Management
  • Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network. Example: Keep IoT devices on one network and mobile devices on another.
  • Change the network name (SSID).  Do not use your; Name, Postal address or other personal information.  Make it unique or whimsical and known to your family/group.
  • Is the Router Firmware up-to-date ?  Updating the firmware mitigates exploitable vulnerabilities.
  • Specifically set Firewall rules to BLOCK;   TCP and UDP ports 135 ~ 139, 445, 1234, 3389 and 5555
  • Document passwords created and store them in a safe but accessible location.


References:                               
Ports Database
IANA official ports

 

  • Like 2
  • Thanks 1
Link to post
Share on other sites
  • 2 weeks later...
CristianCP

CristianCP

Posted
Posted (edited)

Hello!

I have also been through similar issues before I've installed a home wifi router. I was being probed once a few days through port 135 and Malwarebytes was blocking it successfully.

I have followed most of the recommendations of @David H. Lipman before finding this thread but I am confused with one of the recommendations. If you would be so kind and explain it to me as I am not that experienced.

That is : "Specifically set Firewall rules to BLOCK;   TCP and UDP ports 135 ~ 139, 445, 1234, 3389 and 5555".

How do I do this on a home wifi router such as an Asus RT-AX56U. From what I know, unsolicited router traffic coming from the WAN side / internet, will be automatically blocked by the router, so I don't have to set any rules on my router. Or am I wrong? I have only found an option to block LAN to WAN but this isn't what I was looking for. I can't find any option for a rule or filter list for the WAN side. Maybe it's a more advanced feature not found on home routers.

I guess you meant to block these ports if I had a gateway. So the ISP should have these blocked on his side.

Thank you and sorry for posting on a few days old thread. I am confused with ports blocking on a router from the WAN side.

Edited by CristianCP
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

I don't think that the Asus RT-AX56U allows you to manually enter specific port blocking on the level like a normal firewall does. I may be wrong but searching online I'm not able to find any documentation showing true firewall access.

You can set those firewall rules in the Windows firewall, but Malwarebytes is at the same level as the firewall and will see and block them probably at the same time.

A true, hardware or external Firewall can be setup if wanted. One of the better known ones is pfsense

https://www.pfsense.org/

 

 

  • Thanks 1
Link to post
Share on other sites
CristianCP

CristianCP

Posted
Posted
12 minutes ago, AdvancedSetup said:

I don't think that the Asus RT-AX56U allows you to manually enter specific port blocking on the level like a normal firewall does. I may be wrong but searching online I'm not able to find any documentation showing true firewall access.

You can set those firewall rules in the Windows firewall, but Malwarebytes is at the same level as the firewall and will see and block them probably at the same time.

A true, hardware or external Firewall can be setup if wanted. One of the better known ones is pfsense

https://www.pfsense.org/

Thank you for your answer, very helpful. Yes, I have them blocked in Windows firewall as well, just in case.

As for pfsense, I've heard about it before, it's a good choice and recommendation but I'll stick to my RT-AX56U for now until I learn more on how to create and work with a pfsense router.

Link to post
Share on other sites
David H. Lipman

David H. Lipman

Posted
Posted

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

  • Thanks 1
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.