Results 1 to 8 of 8

Thread: port 135???

  1. #1
    Junior Member
    Join Date
    Feb 2003

    port 135???

    Can anybody tell me if open 135 or 139 port is threat to my computer?

    Thanx for the replies
    Twister... will destroy.... everything

  2. #2
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Hi there.

    These ports are indeed a threat to your computer, unless you intentionally want them to be accepting connections from the outside. But then again, any open port could be seen as a threat. If its only within a LAN, and you need to access these ports, then make sure that you have a firewall in place to prevent access from the internet. Dont let these ports accept connections from the internet. That applies to any port, unless (like i said) you want to offer a form of service to the internet.

    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  3. #3
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    Hey Twister,

    just posted a new thread on Ports and trojans. Think it will be very usefull for you.


    Also look in other forums, did a search for you in the tutorial forum :

    Hope you learn from it :

    By Midrith : http://www.antionline.com/showthread...ighlight=ports

    By Antihaxor : http://www.antionline.com/showthread...ighlight=ports

    By Rewandythal : http://www.antionline.com/showthread...ighlight=ports
    Come and check out our wargame-site @ http://www.rootcontest.org
    We chat @ irc.smdc-network.org #lobby

  4. #4
    Junior Member
    Join Date
    Aug 2002
    Tey are not really all that dangerous but let me explain them to you jsut to make sure theyre suited for you. 135 is a tcp/udp port imagine tcp as being tiny bits of data that can heal themselves, and udp being a connectionless type of information. 135 basically keeps tabs on whats going on outside the network. Can it be breached? yeah what are the chances? nil to non if it's your home machine. 139 is your netbios imagine that as being your bios that is sent to all the other computers on your network to help keep things in order. In all honesty 135 and 139 are not much of a threat but if your truly paranoid much like myself, then I agree with Isotronics in getting a firewall. I hope I was of some help.

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Washington D.C. area
    Port 135 is where the RPC end point mapper service listens. When a connection comes in, it basically asks the locator service what port and what protocol a particular service is running on. The locator then answers back and the connection is built based on the info from the locator service's reponse.

    The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT / 2000. In Windows NT it ran on top of NBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT. For this they use TCP port 445.

    What does all this mean? Well you can gather a great deal of info on your network by doing a few things with these ports. I wont go into detail other than to say that you should block access to ports 135-139 and 445 to the outside world.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Tey are not really all that dangerous
    Well, by themselves.. they aren't all that dangerous... but they can be very useful to an attacker when they are footprinting and enumerating your PC(s) and network.

    What does all this mean? Well you can gather a great deal of info on your network by doing a few things with these ports. I wont go into detail other than to say that you should block access to ports 135-139 and 445 to the outside world.
    You don't have to go into detail... RiOtEr already did that.

    Pretty cool little tutorial here.

    RiOtEr went over it pretty well. It can be kind of tedious using nbtstat over and over... so if you want to see what people can find out about your whole network or certain segements... check out nbtscan here .

    If you don't yet have them memorized... Here is a list of the netbios hex codes translated into english...

    This will help you find out that if you have missed killing some services that you don't need running... or help an attacker find out the services you are running, so they can exploit them. You should go back and disable any service u don't need.

    Here is a pretty comprehensive list of the 2k and XP services. It is a little hard to read, so you can DL the PDF version.
    Another link by the same guy who goes more in depth of what and why you'd need these services.

    That should keep you all reading for a while!
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    Join Date
    Nov 2002
    Hmm Well i believe if your running net bois, port 139, i know of a way that you can manipulate your LMhosts.sam file, and just by using NBTstat -a Ipaddy, you can see if they are sharing anyfiles, folders, drivers... (usally by the hex number 20 next to the username) and by adding it to the lmhosts file, the computer will think that its part of the interal network.. giving access to the others persons computer... thats the only way i know about...
    Im Chris Bartholomew - 18 Years old

    questions? Cxbartholomew@yahoo.com

  8. #8
    Junior Member
    Join Date
    Oct 2002
    TO disable Port 135 (assuming you have no apps that need

    Click on Start then run and enter: C:\WinNT\System32\Dcomcnfg.exe
    then applications tab

    Go to default properties tab uncheck "enable distributed com on this

    Then go to "default protocals tab" remove all protocals reboot and
    type netstat to see if it's listening

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts