|
-
February 16th, 2003, 11:39 AM
#1
Junior Member
port 135???
Can anybody tell me if open 135 or 139 port is threat to my computer?
Thanx for the replies
Twister... will destroy.... everything
-
February 16th, 2003, 11:48 AM
#2
Hi there.
These ports are indeed a threat to your computer, unless you intentionally want them to be accepting connections from the outside. But then again, any open port could be seen as a threat. If its only within a LAN, and you need to access these ports, then make sure that you have a firewall in place to prevent access from the internet. Dont let these ports accept connections from the internet. That applies to any port, unless (like i said) you want to offer a form of service to the internet.
Cheers.
Ubuntu-: Means in African : "Im too dumb to use Slackware"
-
February 16th, 2003, 01:51 PM
#3
Hey Twister,
just posted a new thread on Ports and trojans. Think it will be very usefull for you.
http://www.antionline.com/showthread...readid=240093.
Also look in other forums, did a search for you in the tutorial forum :
Hope you learn from it :
By Midrith : http://www.antionline.com/showthread...ighlight=ports
By Antihaxor : http://www.antionline.com/showthread...ighlight=ports
By Rewandythal : http://www.antionline.com/showthread...ighlight=ports
-
February 16th, 2003, 07:48 PM
#4
Junior Member
Tey are not really all that dangerous but let me explain them to you jsut to make sure theyre suited for you. 135 is a tcp/udp port imagine tcp as being tiny bits of data that can heal themselves, and udp being a connectionless type of information. 135 basically keeps tabs on whats going on outside the network. Can it be breached? yeah what are the chances? nil to non if it's your home machine. 139 is your netbios imagine that as being your bios that is sent to all the other computers on your network to help keep things in order. In all honesty 135 and 139 are not much of a threat but if your truly paranoid much like myself, then I agree with Isotronics in getting a firewall. I hope I was of some help.
-
February 16th, 2003, 09:44 PM
#5
Port 135 is where the RPC end point mapper service listens. When a connection comes in, it basically asks the locator service what port and what protocol a particular service is running on. The locator then answers back and the connection is built based on the info from the locator service's reponse.
The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT / 2000. In Windows NT it ran on top of NBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT. For this they use TCP port 445.
What does all this mean? Well you can gather a great deal of info on your network by doing a few things with these ports. I wont go into detail other than to say that you should block access to ports 135-139 and 445 to the outside world.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
February 17th, 2003, 12:05 AM
#6
Tey are not really all that dangerous
Well, by themselves.. they aren't all that dangerous... but they can be very useful to an attacker when they are footprinting and enumerating your PC(s) and network.
What does all this mean? Well you can gather a great deal of info on your network by doing a few things with these ports. I wont go into detail other than to say that you should block access to ports 135-139 and 445 to the outside world.
You don't have to go into detail... RiOtEr already did that. 
Pretty cool little tutorial here.
RiOtEr went over it pretty well. It can be kind of tedious using nbtstat over and over... so if you want to see what people can find out about your whole network or certain segements... check out nbtscan here .
If you don't yet have them memorized... Here is a list of the netbios hex codes translated into english...
This will help you find out that if you have missed killing some services that you don't need running... or help an attacker find out the services you are running, so they can exploit them. You should go back and disable any service u don't need.
Here is a pretty comprehensive list of the 2k and XP services. It is a little hard to read, so you can DL the PDF version.
Another link by the same guy who goes more in depth of what and why you'd need these services.
That should keep you all reading for a while! 
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
February 20th, 2003, 11:43 AM
#7
Member
Hmm Well i believe if your running net bois, port 139, i know of a way that you can manipulate your LMhosts.sam file, and just by using NBTstat -a Ipaddy, you can see if they are sharing anyfiles, folders, drivers... (usally by the hex number 20 next to the username) and by adding it to the lmhosts file, the computer will think that its part of the interal network.. giving access to the others persons computer... thats the only way i know about...
Im Chris Bartholomew - 18 Years old
TSeNg
questions? Cxbartholomew@yahoo.com
-
February 20th, 2003, 04:46 PM
#8
Junior Member
TO disable Port 135 (assuming you have no apps that need
dcom):
Click on Start then run and enter: C:\WinNT\System32\Dcomcnfg.exe
then applications tab
Go to default properties tab uncheck "enable distributed com on this
computer"
Then go to "default protocals tab" remove all protocals reboot and
type netstat to see if it's listening
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
