The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT / 2000. In Windows NT it ran on top of NBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT. For this they use TCP port 445.
TCP port 445 is used for *direct* Microsoft Networking access. More specifically, it enables direct TCP/IP access to Microsoft Networking functions WITHOUT the need for a Netbios layer. This service is only implemented in the more recent verions of Windows (e.g. Windows 2000 and XP).
Hosts which are generating port probing to this port are usually worm infected. The most recent worm released with this pattern is the W32.Deloader worm (see Below). Most anti-virus vendors didn't release anti-virus definitions for 2-3 days after the worm appeared, causing even anti-virus protected systems from being infected.
Additionally, because Deloader uses a much more extensive password list in it's password crack routine we are seeing it being more prolific than earlier worms using this same technique. We are also seeing firewall-protected networks becoming infected as a result of mobile laptops, AOL connections, and other VPN connections in much the same manner as the Opaserv worm, see: udp/137
This port is also a common target for Warez hackers who seek to turn your PC into a public file server. If anti-virus scans don't find a problem, you'll have to do a manual forensic analysis to identify possible Pubstro compromise as show here: mNW Pubstro Analysis Guide -- Lawrence Baldwin myNetWatchman The Internet Neighborhood Watch
If this port is open you are also potentially vulnerable to the Windows Null Sessions Exploit and the IraqiWorm. Many machines vulnerable to this exploit are used as zombies in denial of service attacks.
Is it not possible to simply stop the service in Windows 2000? Under services (in the administrative tools), there is one called TCP/IP Netbios Helper Service, if you change that to disabled, will that do it?
Actually.. just a little note here.. but along the same lines. I have a little laptop (old) running windows 98SE (that's all it'll handle), and I couldn't see it with the two win2000 machines, nor could it see the rest of the network. Then after thinking about this topic, it struck me. Windows 98SE cannot use Netbios over TCP/IP, so I installed the Netbios protocol on the win2000 machines and all is well...