constant outbound SMB port 445( microsoft-ds) traffic

Question

I have pc on my network that is flooding the network with port 445 traffic, our firewall denies outbound traffic on this port, I am trying to determine whether the traffic is coming from an app or service etc but nothing found, how do stop this continuous traffic and what is the reason behind it

Answer 1

Hi there,

It is not from an app but from Windows services. Port 445 and port 139 are Windows ports. Port 139 is used for Network Basic Input Output System (NetBIOS) name resolution and port 445 is used for Server Message Blocks (SMB). They all serve Windows File and Printer Sharing.

You can also block port 445 using this method.

1. Go Start > Control Panel > Windows Firewall and find Advanced Settings on the left side.
2. Click Inbound Rules > New rule. Then in the pop-up window, choose Port > Next >TCP > Specific local ports and type 445 and go Next.
3. Choose to Block the connection > Next. Tick the three checkboxes and click Next. Specify the name and description at your will and click Finish.

---

--If the reply is helpful, please Upvote and Accept it as an answer--

Answer 2

This corresponds normally to The Server Message Block (SMB) connection protocols. They are used often for Legacy Windows Computers to connect with more current Windows.

If blocked, file sharing and other connections between the mentioned Computers might not work.

Below a quoted definition from MS:
"The Server Message Block (SMB) protocol is a network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network. The SMB protocol can be used on top of its TCP/IP protocol or other network protocols."

Below is an image showing that connection on my computer firewall rules.

I hope this helps.