IBM i Global

  • 1.  secure ports 5555 and 445

    Posted Sat December 30, 2023 01:00 AM
    Edited by spw iaix Sun December 31, 2023 07:56 AM

    Hello,

    Is it possible to secure ports 5555 and 445 on an IBM i V7R4 system?

    Regards,

    Thanks



    ------------------------------
    Manuel R.
    ------------------------------



  • 2.  RE: secure ports 5555 and 445

    IBM Champion
    Posted Sun December 31, 2023 07:02 PM

    What are you trying to do?
    Block them from the outside?
    Prevent processes from allocating them from the inside?
    Define "secure", please.



    ------------------------------
    Jack Woehr
    IBM Champion 2021 - 2023
    IBM Qiskit Advocate
    ------------------------------



  • 3.  RE: secure ports 5555 and 445

    IBM Champion
    Posted Mon January 01, 2024 12:46 AM

    Sure. Just turn off the associated services. ;)

    What are you trying to actually accomplish?



    ------------------------------
    Steve Pitcher
    Service Express
    ------------------------------



  • 4.  RE: secure ports 5555 and 445

    IBM Champion
    Posted Mon January 01, 2024 04:37 AM
    Edited by Satid Singkorapoom Mon January 01, 2024 04:50 AM

    Dear Manuel

    In IBM i, port 445 is used for the IBM i NetServer function using the CIFS protocol, which is a newer protocol that is more secure than the old NetBIOS (used by ports 137-139). More information on this here: Can NetServer Run With The NetBIOS Protocol Disabled? at https://www.ibm.com/support/pages/node/646207

    If you have no need to use NetServer whatsoever, just make sure this TCP/IP server is not started. But if you have a need to use CIFS and want more security control of this, you can decide to deploy a firewall and exercise access policy with it, but this adds management burden to the IT security admin team.

    Port 5555 (and 5544) is used by the IBM i Management Central (MGTC) function used by the old Windows-based IBM i Navigator tool from the IBM i Access for Windows product, which has not been supported by IBM for several years now. MGTC was also dropped from IBM support as of IBM i 7.5. More info here: https://www.ibm.com/support/pages/management-central-common-errors

    MGTC is no longer a useful thing to use in IBM i 7.4, as there is another, more modern alternative for it, which is the Navigator for i tool (used from a browser). So, I would say it is advisable to NOT run the IBM i Management Central Server, and you would have no need to worry about securing it.


    ------------------------------
    Chance favors only the prepared mind.
    -- Louis Pasteur
    ------------------------------
    Satid S.
    ------------------------------



  • 5.  RE: secure ports 5555 and 445

    Posted Mon January 01, 2024 09:26 AM
    Edited by spw iaix Mon January 01, 2024 11:40 AM
    Hello Everyone, Happy New Year!
     
    Thanks for the responses. In a recent vulnerability scan on the IBM i 7.4 system, the following was found:

    They indicate that port TCP/5555 is vulnerable to Remote Code Execution (RCE) and Denial of Service (DoS). I also agree to stop using MGTC on IBM i.

    I understand that port TCP/445 uses a more secure protocol, but what the vulnerability scan indicates is that SMB Signing (SMB digital signing) is not enabled.
    Regards,
    Thanks!!!



    ------------------------------
    Manuel R.
    ------------------------------



  • 6.  RE: secure ports 5555 and 445

    Posted Mon January 01, 2024 06:00 PM

    You can enable or enforce SMB signing: SMB Signing and IBM i NetServer Support. Use the NETS option though; Navigator for i isn't presently handling that option correctly. I have a defect report in with the developer.



    ------------------------------
    Michael Swenson
    Software Engineer
    IBM
    ------------------------------
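
To check the SMB signing finding from post 5 before and after the change suggested in post 6, the server's NEGOTIATE response can be decoded from a packet capture. The following is an added example, not part of any post and not IBM code; `signing_state` and `sample_smb2_response` are hypothetical names, the sample frame is constructed, and it assumes the server answers in SMB1 (NT LM 0.12) or SMB2/3.

```python
import struct

# SecurityMode bits: MS-SMB2 (SMB2/3) and MS-CIFS (SMB1) NEGOTIATE responses.
SMB2_ENABLED, SMB2_REQUIRED = 0x0001, 0x0002
SMB1_ENABLED, SMB1_REQUIRED = 0x04, 0x08

def signing_state(frame: bytes) -> dict:
    """Decode the signing flags from one captured NEGOTIATE response."""
    # On port 445 each message is prefixed with 0x00 and a 24-bit length.
    if len(frame) >= 4 and frame[0] == 0 and int.from_bytes(frame[1:4], "big") == len(frame) - 4:
        frame = frame[4:]
    if frame[:4] == b"\xfeSMB":                      # SMB2/3: 64-byte header
        if len(frame) < 70:
            raise ValueError("truncated SMB2 response")
        status, command = struct.unpack_from("<IH", frame, 8)
        size, mode, dialect = struct.unpack_from("<HHH", frame, 64)
        if command != 0 or status != 0 or size != 65:
            raise ValueError("not a successful SMB2 NEGOTIATE response")
        proto, enabled, required = f"SMB2 dialect 0x{dialect:04x}", SMB2_ENABLED, SMB2_REQUIRED
    elif frame[:4] == b"\xffSMB":                    # SMB1: 32-byte header
        if len(frame) < 36 or frame[4] != 0x72 or frame[32] != 17:
            raise ValueError("not an NT LM 0.12 NEGOTIATE response")
        mode, proto, enabled, required = frame[35], "SMB1", SMB1_ENABLED, SMB1_REQUIRED
    else:
        raise ValueError("not an SMB message")
    return {"protocol": proto, "enabled": bool(mode & enabled), "required": bool(mode & required)}

def sample_smb2_response(mode: int) -> bytes:
    """Constructed test frame (not a capture from a real server)."""
    header = b"\xfeSMB" + struct.pack("<HHIHHIIQIIQ", 64, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0) + bytes(16)
    body = struct.pack("<HHH", 65, mode, 0x0210) + bytes(58)
    msg = header + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

if __name__ == "__main__":
    for mode in (0x0001, 0x0003):   # signing enabled only, then enabled and required
        print(hex(mode), signing_state(sample_smb2_response(mode)))
```

A result with `required` set to `False` means the server accepts unsigned sessions; it should read `True` once signing is enforced on the server.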



  • 7.  RE: secure ports 5555 and 445

    Posted Tue January 02, 2024 06:01 AM

    You can also:

    1. enable Intrusion Detection
    2. filter your traffic with IP filtering

    Both need some IBM i admin and network knowledge, but work fine once correctly implemented.



    ------------------------------
    Sylvain Manceau
    ------------------------------



  • 8.  RE: secure ports 5555 and 445

    IBM Champion
    Posted Wed January 03, 2024 09:38 AM

    Hello Satid,

    Please be aware that when the TCP/IP server *MGTC is not started on the IBM i side, clicking on the icon of Management Central in iSeries Navigator for i will start it automatically. iSeries Navigator is part of IBM i Access for Windows (EOS April 2019), but I still see it being used.

    So just stopping this server from starting does not protect you from the MGTC server being started.

    Please have a look here: Removing MGTC is the better choice https://www.ibm.com/support/pages/apar/SE80788

    Greetings,



    ------------------------------
    Rudi Van Helvoirt
    ------------------------------