Port 139

[Methcook]

Can anyone give me any info or help with this. Here is what I;ve found:

139 TCP netbios-ssn

Port 139 is used on Windows machines for NetBios name resolution, WINS, etc. A problem with older unpatched versions of Windows is that they are susceptible to receipt of Out-Of-Band (OOB) data. This means that someone can remotely send you OOB data on port 139 and can cause numerous problems on your machine, including but not limited to machine lockups, blue screens, loss of internet connection.

You should do one of several things: a) upgrade/patch your operating system to make sure it is not susceptible to this attack; b) firewall your system so that port 139 is not visible from the internet; c) configure your router to block port 139; d) Install one of several monitoring packages on your PC that block this denial of service.

I dont wanna be completely dependent on a firewall. My OS (Win ME) is updated so I guess that doesnt help at all. Where can I get a "patch" for this?

Any other info would be appreciate also.

Thanks

[{P²P}Apocalypse]

You'll be happy to know. That is your "patch". Just keep your software up to date ie...Windows Update. A personal firewall is an extra precaution and is highly recomended for personal home computers. If you don't run one. make sure you have your networking file sharing turned off. As well, if you use any peer to peer software, chat or instant messaging, and/or MS Internet Explore. You should use a personal firewall for sure. Due to the ever so frequent holes and exploits being found almost weekly and sometimes daily. Like I said, for normal use if you keep your Windows up to date and disable file sharing you should be ok. I still recomend a personal firewall though...
Hope this helps...Good luck....

[Maverick811]

Well, to fully understand your situation it would help if you could provide some more information: what firewall are you using now, is this machine part of a LAN, are you running a router, etc. I'll try to help you with what I know about your setup so far.

First of all, I'm not aware of any 'patch' as you are mentioning that will protect you from remote access to this machine on port 139. While one can never be fully protected from outsiders, a properly configured firewall is a huge asset. If your machine is not part of a LAN, there would be no reason to have file sharing on, and by turning off file sharing you close port 139 used by NetBIOS. If this machine is part of a LAN and you have the need to enable file sharing, a properly configured firewall is about your best solution.

Respond back and tell us a little more about your setup so we can better provide help to you.

[Ghost_25inf]

sorry to say there is no real way to shut down the netbios port, but like apocalypse said firewall is what can help you.

[{P²P}Apocalypse]

PS One more thing. If you're not on a network or share file/print services and just use dial-up. When you go under you network settings to check your file and printer setting. Look and see what protocols you have. All you need for this is TCP/IP. You don't need NetBios, IPX/SPX, or Net BEUI. You can remove those... All you need for your connection is just the TCP/IP

[Methcook]

Thanks for all the info.

I went to securityspace.com while my firewall was shut down and ran a port scan and thats when i learned it was open. File and print sharing was disabled but port 139 was still open.

"You don't need NetBios, IPX/SPX, or Net BEUI"

hmmm,...yeah you'll haveta excuse my ignorance here. I didnt see any of that. There was somethng called "Microsoft Family Logon" and I just removed it. That seemed to completely take away my ability to enable file and print sharing which is fine with me.

I'm not part of a LAN. Just me and a simple dial up connection.

I just went back to security space with syngate firewall up and it reported that I have no ports open so I'm happy bout that.

You guys are extremely helpful. I love this site.

Thanks

[I am a cracker]

sorry to say there is no real way to shut down the netbios port, but like apocalypse said firewall is what can help you.

Thats a lie because on my computer every port is closed including ports 135,136,137,138,139 all netbios terminated no more hey meth cook when I find that turtorial I wrote I tell you step by step disable netbios!

[I am a cracker]

Here's how to disable NETBIOS over TCP/IP (and close the ports)

1.Make sure you've disabled File and Print sharing.
2. Click the start menu and choose settings, Control Panel.
3. Double-click the Network icon.
4.Click the Configuration tab.
5.Under the heading of "The following network componets are installed" double-click TCP/IP
6.Click the bindings tab.
7.If it is checked, click the box to UN-check "Client for Microsoft Networks".
8.If it is checked, click the box to UN-check "File and Print sharing for microsoft networks".
9. click okay
10. A box titled "Network" will appear click NO.
11. Repeat this procedure for multiple TCP/IP listings (all of them)
12.Click the OK button in the network control panel.
13.A prompt box will appear asking you to restart your computer.
14. Click yes to restart your computer for the new settings take effect


Hey Methcook I hope this helps you

[ammo]

Hi Methcook,

Just wanted to add that the particular "hack" you refer to is probably the oldest Denial Of Service (DOS) attack that affected windows, more precisely it affected Win95 with winsock v1, which was replaced in a patch (replacement stack) back then, and isn't a problem with later version of windows... (That was like in 1995 if I remember well!!)

Ammo

[Mr. Dude]

i've got another question concerning the netbios-port...there are two varieties of shares: user-level share and share-level share and if i want to connect to these shares i need win nt workstation or sever...at least i think so...
now i want to install win 2k and i want know if i can connect to these shares (using the "net"-commands) if i use win 2k...