tempest - port 135 is the DCE endpoint resolution and 445 (both TCP and UDP ports) is for CIFS. It kind of is and kind of isn't netBIOS so I can semi agree with you - bit difficult to explain in any short terms so....

this place should explain CIFS a little better
- basically (as I understand it) CIFS is an updated version of SMB that does not require netBIOS. I might have understood that wrongly so - feel free to correct me.

port 135 does deal with netBIOS yes I'll give you that but it does deal with other related transport too e.g. RPC DCOM... so it's not just for netBIOS traffic - hence the reason why its still shown on netstat if you close netBIOS

so - I can see what you're point of view is and I do semi agree with you - but port 139 is the main one for netBIOS - as you can see from shakira's sygate log, port 139 is still wide open - hence I still say my original point stands - she hasn't closed netBIOS, or at least hadn't when she did this scan.

Z