
Mark
Premium
join:2001-11-15
Mesa, AZ

Netbios Session Service - Port 139

This is the service that starts a Netbios session.

NetBios services allow file sharing over networks. When improperly configured, they can expose critical system files or give full file system access to any malicious intruder connected to the network. The intruder can gain access to victim's system files: run, delete, copy, upload/download. When file sharing is enabled on Windows machines they become vulnerable to both information theft and certain types of worms.
dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
·Verizon FIOS

Re: Netbios Session Service - Port 139

It's sometimes important to note that file/printer sharing is just one of a potentially open-ended set of applications using Netbios Session. Netbios Session dispatches connections to particular applications based on a 16-byte name sent in a session setup request; you can see the names in use on a particular machine with the nbtstat -n command.

By convention, Netbios apps use the last byte as a sort of protocol type (just like TCP or UDP apps use a port number as a sort of protocol type). The server side of file/printer sharing uses the machine name with a last byte of 0x20 (ascii space); the client side of file/printer sharing uses the machine name with a last byte of 0x00 (ascii nul).

From a security point of view, however, if you take the simple approach of screening tcp/139 from the outside world, you don't need to know this extra detail.
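
The name-based dispatch described in the post above can be seen in the Session Request packet itself. The following is an added example, not part of the original post: it decodes the called and calling names and their suffix bytes using the first-level name encoding and session packet layout from RFC 1001/1002. The host names FILESRV and LAPTOP01 and the sample packet are constructed, and an empty scope is assumed.

```python
import struct

# Suffix (16th byte) meanings named in the post above.
SUFFIXES = {0x00: "client side of file/printer sharing",
            0x20: "server side of file/printer sharing"}

def encode_name(name, suffix):
    """Pad to 15 bytes, append the suffix, then split each byte into two
    nibbles and add 0x41 ('A') to each: the RFC 1001 first-level encoding."""
    raw = name.upper().encode("ascii")[:15].ljust(15) + bytes([suffix])
    enc = bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))
    return b"\x20" + enc + b"\x00"   # length 32, encoded name, empty scope

def decode_name(field):
    """Return (name, suffix) from a 34-byte encoded name field."""
    if len(field) != 34 or field[0] != 0x20 or field[33] != 0x00:
        raise ValueError("expected 34-byte encoded name with empty scope")
    enc = field[1:33]
    if any(not 0x41 <= c <= 0x50 for c in enc):
        raise ValueError("encoded byte outside 'A'..'P'")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(" "), raw[15]

def parse_session_request(pkt):
    """Parse a Session Request (type 0x81) into called/calling names."""
    if len(pkt) < 4:
        raise ValueError("truncated session header")
    ptype, _flags, length = struct.unpack("!BBH", pkt[:4])
    if ptype != 0x81:
        raise ValueError("not a Session Request packet")
    body = pkt[4:4 + length]
    if len(body) != 68:
        raise ValueError("Session Request body must hold two 34-byte names")
    result = {}
    for role, field in (("called", body[:34]), ("calling", body[34:])):
        name, suffix = decode_name(field)
        result[role] = (name, suffix, SUFFIXES.get(suffix, "other application"))
    return result

# Constructed sample: host LAPTOP01 asking FILESRV for its file server service.
SAMPLE = (struct.pack("!BBH", 0x81, 0, 68)
          + encode_name("FILESRV", 0x20) + encode_name("LAPTOP01", 0x00))

if __name__ == "__main__":
    for role, info in parse_session_request(SAMPLE).items():
        print(role, info)
```

The called name carries suffix 0x20 and the calling name 0x00, matching the convention the post describes.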

Toudi

@tpnet.pl



Re: Netbios Session Service - Port 139

Very often people give access to the entire drive C: with write permission because someone on the LAN wants to send them something. Then they usually forget they are sharing the entire drive and leave that permission in place. The thing that usually reminds them is a virus/worm invasion and hours spent cleaning the system.

My advice: never, under any circumstances, share entire drives! Instead create a new folder dedicated to network shares.

Anonymous553

@4.5.x.x

N00B on the loose

How do I close this port? I'm a newb.

Juan BA Argentina

Re: N00B on the loose

I guess that the best solution is to use a firewall. A software based one (such as Zone Alarm or others) will do the job. But if you can afford it, choose a hardware based one, which will be less likely to slow down your internet connection.

IIOIOOIOO

@mchsi.com
Another option may be to remove/disable the NetBIOS/NetBEUI protocol on your computer. Obviously, if your network depends on NetBIOS, this will require reconfiguration (of TCP/IP, most likely).
Wolffie0

join:2003-03-30
Cupertino, CA

I'm running Win2000 Pro. I don't need NetBIOS that I know of. I'm behind a router that's generic with no real firewall protection, and I have Kerio firewall. I don't have a network running so I don't need NetBIOS. How do I permanently disable it and close port 139 (if it serves no real need), and where do I find it to check if it's enabled?
toyo

join:2003-12-27
12400

This is very easy :)
You can use:
1. firewall software
2. firewall hardware
for amateur users ->> 3. in Windows, this way:
Start/Settings/Network Connections/Properties of your LAN connection/Properties of TCP/IP/Advanced/Options/TCP/IP filtering
then block 135 or another port

zzzzzzzzzz

@194.62.x.x

zzzzzzz

jamiegarland8

join:2003-01-09
34344

NETBIOS Routable?

I'm just wondering, all this talk about NETBIOS being a threat... Well even if it is open on your computer/network, surely NETBIOS isn't a routable protocol? So the outside world /internet will not be able to see it?

Any feedback would be great

Jamie

PhiBerOptiCx

@65.101.x.x

Re: NETBIOS Routable?

Although we are talking about Netbios, we are also discussing TCP IP port 139 (which in itself, is Netbios.) Even though Netbios is non-routable, you are able to get in using the Transmission Control Protocol.
devonshire

join:2004-05-19
bm

said by jamiegarland8:
I'm just wondering, all this talk about NETBIOS being a threat... Well even if it is open on your computer/network, surely NETBIOS isn't a routable protocol? So the outside world /internet will not be able to see it?
NetBios is an overloaded term. NetBios, the original protocol, operated at the DataLink, Network, Transport, and Session layers of the OSI stack. It was not routable.

Two new variants were created to solve that problem: NBIPX (NetBios over IPX) and NBT (NetBios over TCP/IP). All of the Netbios services that were available Non-Routable are now available Routable. NBT hangs out on TCP/UDP Ports 137, 138, and 139 and is fully available on the Internet.

I have not tested XP, but as of NT4 NBT was so embedded in the Protocol stack there was no effective way of shutting it off.

USE A Firewall
jamiegarland8

join:2003-01-09
34344

Safe

Well I'm behind a router, which doesn't need to host the 139 port.... so I'm safe

yay!
rburt23
Premium
join:2004-04-08
Clinton, NJ

Re: Safe

Ok. So I'm behind a router. Does that mean that all my concern about the hyperactivity on my active lights on my wireless PC cards is paranoia? Or is it reasonable to be concerned that a relay pirate is using each of my wireless ports every time I turn the systems on?
jamiegarland8

join:2003-01-09
34344

Re: Safe

Unless it's actually slowing your connection down, it's probably just your ISP making sure your IP is still alive. (I'm not totally sure about wireless and the activity they make.)

I wouldn't worry about it.

Main thing to test is, is it slowing your connection down?

If it's not, then it's not a DoS attack.

jamie

danag42

join:2000-02-02
Worcester, MA
clubs:

Simple trick to be safe



I set up my router to send any unrequested packets to the default server. However, there's no machine at that address.

So not only are all my ports showing up as "stealthed", the requests all end up in the big bit bucket in the sky.

Read your router's manual, it's a simple solution to protect your PC. I use Zone Alarm to give certain programs permission to contact the Internet, everyone else is just plain out of luck!!
hack hell

join:2004-04-23
678644

Re: Simple trick to be safe

i ran a port scan on my college's domain server..
its running win 2000 server and port 139 is open...
what can i do??
can u tell me of any netbios exploits??
thanks in advance
hack hell

join:2004-04-23
678644

port scan result....

hey guys....
i was just fooling around with my institution's domain server. ran a port scan on it...
it's running win 2000 and i found a strange thing.
port 139 is open. are there any known exploits for udp or netbios??

fingerlikin

@sonic.net

Re: port scan result....

you make me LMAO!! of course there is! duh. am i going to tell you? NOPE =P
GodKhaine

join:2004-03-30

Re: port scan result....

I'm running on an XP system, and the last time I downloaded something to close Netbios from grc.com I was unable to load IE. Has this happened to anyone else?

Moxxxbius

@suomi.net

Oh, really? Domain server had port 139 open?

Gosh, those stupid admins must have ENABLED netbios.. maybe the network REALLY needs it for something like logging Windows clients to the domain, or maybe for authenticating users. Not sure though

Bye, Moebius
kgoodknecht

join:2002-01-10
Wichita Falls, TX

You should not see NetBIOS on the public side, NetBIOS uses Broadcast so it basically broadcasts your machine's name to the internet. NetBIOS won't pass an NAT device, such as a router. If you don't have a router you can disable NetBIOS over TCP/IP on the WINS tab of TCP/IP properties on Windows machines. Needless to say, you should also disable Client for MS Networks and File Sharing on the external interface.

Johnny Rotten

@bellsouth.ne

Netbios disabled

For all you newbies out there simply right click your NIC properties, find netBIOS and uninstall it. You will also want to remove file and print sharing for Microsoft networks and client for Microsoft networks if you are not sharing files on a network. Also if you are on a LAN running WINS but do not need netBIOS then simply click the WINS tab, go to properties and check disable netBIOS over TCP/IP. Last but not least RUN YOUR MICROSOFT UPDATES!

CRASH-MASTER

@comcast.net

LAN and SAFETY

OK so boot me...but I'm on WinXP Pro SP1 blaa blaaa -- updated..

I'm running off a Linksys router wifi-G ..one machine via wireless (PCI card, manually configured with other than default channel and MAC cloned). My system I'm running through cat6 off the router also....so the router is firewalled (through router config)........ and wireless isn't broadcasting its SYN or whatever it was called....

I run a local LAN to share my findings and fixes to the other systems at home here.

But I can never get into my system from those other machines here --- I can get into them but never them to me --
Sorta a big mystery to me but oh well -- I'M SAFE -- (?) ..

PEOPLE, CHANGE YOUR "OUT OF BOX" default channels if running wireless routers at home! Set up any other channel on the router as well as all machines running wireless -- all the same channel you choose -- this should BLOCK 98% of any neighbor or passer-by from easily SCAMMING your connection or you!! ... YOU WILL NOT notice any bandwidth reduction if someone is on your system if using a router ---- who the hell said that?? -- each machine will have EACH EQUAL bandwidth ...so you will not notice -- unless you are HOSTING net connection through your system to others in your home -- another story there -- ........
WOW I was starting this as a question ..but forgot what I want to ask now!! --- GET NET-SNIFFER "free somewhere out there" -- detects wireless transmissions in neighborhood! -- see if you are broadcasting or not!!

OK hope that helped you cuz I'm lost! -haaaaaaaaa

CRASH--------------out !! ;):D

haxxor

@66.90.x.x

read on..

Yea.. this port is a best friend to anyone who wants to get access to your machine. I have myself gained access and installed various things (IRC bots, Denial of Service bots, BNCs, Proxies, ftp servers, scanning droneware, etc.) onto dialup, DSL, Cable, T1, 10/100/gigabit, etc. connected systems, and it is extremely easy to do so. It usually takes me about 3 minutes to get onto your IPC share and install a kit to any desired folder I so choose.

Do yourself a favor, save huge bandwidth usage fees and close this port (along with 445). I myself have gotten bored of r00ting systems, but I'm not able to say otherwise about other people.

MDyup

@attbi.com

XYZ

having 139 open is kind of like having your zipper open

Bobzworld

join:2001-06-17
Pomona, CA

port 139

I'm running Win XP SP2 & ZoneAlarm through a Linksys router.
Am I safe? If not, what should I do?

thanks

gbnfgbn

@net.mt

difference

I uninstalled "file and printer sharing for microsoft networks" but when I scan myself (scanning from this PC too, if that makes a difference...) I find it still open... although when I scan myself using such web sites that offer such a service (including this site) no port is found open...
Also... does it make a difference which port scanner is used? I used SuperScan... or so... what's the difference between SuperScan and Nmap?
The Hobbit

join:2004-12-27
Kanata, ON

Re: difference

I would think that if the port is open when you scan and closed when an outside service scans that the port is either being opened by your scan utility or there is a firewall between your system and the internet.
As to what is the difference between SuperScan and Nmap, you will have to read the _______ manuals. This will actually be of some use to you as they are very mind expanding.
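
The local side of that comparison can be checked without a scanner by reading the machine's own listener table. The following is an added example, not part of the original thread: it parses Windows `netstat -an` output and reports listeners on the ports discussed here together with the address each is bound to. The sample output and the address 192.168.1.10 are constructed.

```python
import re

# Ports discussed in this thread and the service behind each.
WATCHED = {135: "RPC endpoint mapper",
           137: "NetBIOS name service",
           138: "NetBIOS datagram service",
           139: "NetBIOS session service",
           445: "SMB directly over TCP"}

# Constructed sample of `netstat -an` output (not taken from the thread).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.168.1.20:139       ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def audit(netstat_text):
    """Return (proto, port, service, binding) for each watched listener."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue                      # headers and blank lines
        proto, addr, port, _remote, state = m.groups()
        port = int(port)
        if port not in WATCHED:
            continue                      # local port is not one we track
        if proto == "TCP" and state != "LISTENING":
            continue                      # UDP rows have no state column
        if addr.startswith("127."):
            binding = "loopback only"
        elif addr == "0.0.0.0":
            binding = "all interfaces"
        else:
            binding = "interface " + addr
        findings.append((proto, port, WATCHED[port], binding))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A row reported here only shows that the service is bound locally; whether it answers from outside still depends on the firewall or router in between, which is why an outside scan can disagree with a local one.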

Jalespy

ports open

I'm running the same thing as Bobzworld. What can we do to fix open ports? I have free ZoneAlarm too.

Jalespy

Me again

The ports I have open are UDP's. My router is not wireless. Thanks

gnomm

@arcor-ip.de

printer software phoning home?

Hi,
I was reading through all of this and tried netstat for the 1st time.
Reason: I was wondering why my new printer software would try to connect to the internet each time I opened WordPad, for example.
Pressing ctrl+alt+del, there was a "lexpps" program showing up in the task manager (I got a Lexmark printer..).
To get to the point: with netstat I realized that on startup of Win98 no port was listening, but as soon as I opened Word or WordPad it came to listen on tcp 135, 1025, 1028 and udp 1028!
After kicking out this mysterious "lexpps" with the task manager it still listened on tcp ports 135 & 1025 until restart.

any suggestions?

thx
-gnomm

Luzian Wild

@212.91.x.x

Re: printer software phoning home?

lexpps.exe is a Lexmark Printer Portscan Utility which is used to enable printer sharing over network. If you don't need to share your printer, the easiest solution would be to disable loading of this file. This can be done by renaming it to lexpps.old (not very nice solution but easy though), or use some task control program like WinTasks. You can also disable it in the Windows Registry (only advised if you know how to edit the Registry!)

also see:
»www.answersthatwork.com/Tasklist···st_l.htm
»www.auditmypc.com/process/lexpps.asp
Ceyarrecks

join:2003-07-14
Harrisburg, PA


1 edit

port info?

Go to www.grc.com, the link called Shields UP! (yeah, a Trek fan)

there you will have not only the opportunity to test All Service Ports, which is your system's first 1056 ports. Each square (of whatever color it happens to be) is also a link which adds additional information about that port (and sometimes how to close it)

enjoy

p.s.

do not be shocked when your router/firewall's log goes ballistic stating there was an attack after you do this test. It is just grc's server testing all those ports. heh
Kennyyoli
Premium
join:2005-05-15
Visalia, CA

1 edit

previous question

Test
mrerick

join:2005-07-04
Wake Forest, NC
·Earthlink Cable Mo..

Re: previous question

If you use a laptop computer at multiple places (when traveling, between office and home, etc...) remember that not all the gateways you connect through necessarily have firewalls. It's a good idea to also run a software firewall on the laptop itself.

Marc

LoST Cawz

@optonline.net

50 connection limit?

Is it true that XP SP4 only allows 50 connections to a client pc at any given time? If so is there a fix?

over 10 years online! © 1999-2009 dslreports.com.