MS Office 2004 opens ports on my firewall

sladuuch

I've installed MS Office, but when I port scan myself in Network Utility, it reports port 445 is open and assigned to "microsoft-ds". I really want this closed, but it doesn't show up in sharing or anything. How can I close this open port?
 
You say that nothing shows up in sharing? microsoft-ds (port 445) is for the Windows file sharing service.
 
Windows sharing uses port 139 on my machine. Ordinary AFP file sharing is 548 and 427. Microsoft-ds only appeared in the port scan result after I installed Office, leading me to believe the installer or Office itself opened this up. Thor want close port! Thor want eat security holes!
 
Windows uses UDP ports 137 and 138 and TCP ports 139 and 445. Perhaps Samba in OS X doesn't use 445...

To find out what process is associated with a network connection or socket, run

sudo lsof -i +c 0

lsof stands for "list open files"; the -i option limits the output to open network connections, and the +c 0 just tells the command to not truncate the name of the command in the output, so you can see the whole name of each command. You have to run it with admin rights (hence sudo) in order to see info about processes running under an account other than your own.
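
An added example, not part of the original post: filtering lsof output down to the process that is actually listening on a given port, which is the step described above. The sample text is constructed (process names, PIDs and addresses are assumptions, not output from the poster's machine), and `listeners_on_port` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: identify the owner of a listening TCP port from lsof output.

# Constructed sample of `sudo lsof -nP -iTCP +c 0` output (not from a real host).
# -n and -P keep addresses and ports numeric, so 445 is not shown as "microsoft-ds".
SAMPLE_LSOF='COMMAND         PID USER  FD  TYPE DEVICE     SIZE/OFF NODE NAME
smbd            312 root  18u IPv4 0x0a1b2c3d 0t0      TCP  *:445 (LISTEN)
smbd            312 root  19u IPv4 0x0a1b2c3e 0t0      TCP  *:139 (LISTEN)
AppleFileServer 201 root  27u IPv4 0x0a1b2c3f 0t0      TCP  *:548 (LISTEN)
Safari          955 alice 12u IPv4 0x0a1b2c40 0t0      TCP  192.168.1.5:49152->203.0.113.9:445 (ESTABLISHED)'

# listeners_on_port PORT
# Reads lsof text on stdin and prints "command pid user" for every socket
# in LISTEN state whose local port equals PORT.
listeners_on_port() {
    awk -v port="$1" '
        NR == 1            { next }   # skip the header row
        $NF != "(LISTEN)"  { next }   # ignore established/outbound sockets
        {
            name = $(NF - 1)          # e.g. *:445, 127.0.0.1:445, [::1]:445
            n = split(name, parts, ":")
            if (parts[n] == port) print $1, $2, $3
        }
    ' | sort -u
}

# Live usage on the machine being checked:
#   sudo lsof -nP -iTCP +c 0 | listeners_on_port 445
printf '%s\n' "$SAMPLE_LSOF" | listeners_on_port 445
```

The Safari row is an outbound connection to a remote port 445; a plain text search for ":445" would match it, which is why the filter checks the LISTEN state and the local port only.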
 
Personally, I'm more interested in closing the port than knowing exactly what it's doing. I'm fairly sure that MS Office opened it, and I've read somewhere that it checks your local network for copies of Office with identical serial numbers, so could it be possible that this is the method it uses to do this?

Either way, I just want 445 closed. Scruffy, you seem to be of the unixy persuasion, so how do I close a port? I'm reasonably competent in Terminal and not afraid to muck around in the system.
 
MS Office opens ports to search for other versions of it installed with the same serial number on your network. Tricky, eh?
 
eric2006 said:
MS Office opens ports to search for other versions of it installed with the same serial number on your network.

Yes, I know. If the port was opened in a non-transparent and non-GUI way, then there must be a similar way to close it, right?

By the way, I did actually purchase the aforementioned copy of Office (thank god for academic pricing), I just want it to get the hell away from my port 445. Opening up its own port for the sole purpose of preventing piracy and doing so _without telling anyone_ is unacceptable to me.
 
I can confirm that Office does that, and has done it for a while. A few years back, I had it installed on my Cube and my iBook. I took some notes on my iBook and wanted to transfer them to my Cube. I had Word opened on both computers, and it came up with an error message that stated I had two versions running and needed to purchase an additional license. I had to reinstall Office again in order to get it to work.
As far as it opening the port, or how to close it, I am not aware. Thanks for alerting us to it.
 
You can't just close a listening port without knowing what process has it open - you have to find out what process is associated with the port, figure out why that process is starting and/or why it's opening the port, and how to change that behaviour.
 
Oh, I should have mentioned - ports below 1024 are reserved for privileged users. Only a process with system level privileges can listen on port 445.
 
So, basically, I'd have to somehow get Office itself to stop listening to port 445? Am I unable to close port 445 myself, or is it de facto opened by the fact that something listens on it? Grumble.
 
Well, you can't "close" it, but you can prevent any traffic getting there. All you need to do is add a firewall rule to deny any packets going to that port. The firewall will then just drop any of those packets.
 
Yes, you can't just close the port - something is listening on it, the way to close the port is to prevent whatever program from listening on that port.
 
Well I guess that there is a bit of a terminology clash. You are totally right that only the original program can "close" the port, but in this context that is not really what the OP wants or needs.

This is really about "closing" the port in the firewall. Yes Word will still listen for a connection on that port but no traffic will ever reach it and anything it sends out will be quietly discarded. That is all that the firewall tab in the sharing pane is configuring anyway. So my answer again is to just add a rule to the firewall to drop the traffic and go on happily.

This is just like if I instructed my (fictional) secretary to just trash any marketing literature I received from Redmond before I get it. Then my physical inbox, although open to receiving mail, is actually closed to a certain class of mail.
 
Fair enough, I suppose.

Anyway, my initial guess that it's Windows file sharing appears correct - I turned on Windows file sharing, checked the open ports - TCP 445 and 139, and UDP 137 were listening. Then I turned off Windows file sharing, and noted that all three ports were closed.
 