port 139 open

Printable View

November 19th, 2002, 01:01 AM
kingy_6_1

port 139 open

Hi guys hope someone can help me.I have just take'in zone alarm off my system and put sygate back on when i went to grc.com to do a port scan it tells me my port 139 netbios is open the only things running in my task bar are the usb modem icon the sygate icon .avg antivirus and my connection icon or status box i have check everything i can think of but to make sure i went to symantec aswell and that says network vulnerability at risk and netbios availability at risk its doin my head in now and with havin a allways on line connection ie BB i just not sure what to do.Have checked allso any programs that could be doing it but nuffin any help would be great...hope iam not in the wrong forum? iam a newbie

my system is
abit KT7A motherboard rev 1.3
Athlon XP 2000+
512 MB pc 133 sdram
120 gig harddrive split into 2 ie 60 gig each
80gig harddrive
soundblaster live soundcard 5/1
nvida verto geforce 4 MX 440 g/card
plextor writer 16/10/40
dvd cd rom
creative web cam go plus
Xerox docuprint m750 printer ( default)
Epson stylus color 300 printer
November 19th, 2002, 01:04 AM
Dr Toker

All this is very great, but what Operating System are you running?
November 19th, 2002, 01:11 AM
yanyo

that is netbios over tcp/ip, if your computer is allowing null user conections someone can enumerate all users and shares in your computer. There are many articles in the net that can tell you how to disable it depending on your windows version.
November 19th, 2002, 01:29 AM
kingy_6_1

Sorry dr toker

windows 98 se and just to add i have loadqm in the windows dir dont know where its come from and carnt get shut of it when i do it just reappears when i reboot?
November 19th, 2002, 02:44 AM
Spyder32

To take it off, go to your network settings in the control panel, and turn off file and print sharing. That should turn off the service, which would close the port. I'm not sure whether or not Win98 has it on by default, but if your not running a network or anything of the like, you should turn it off. It is one of the easiest (if not easiest) way for a hacker to remotely access your files. I hope that I've helped!
November 19th, 2002, 02:53 AM
omalakai

Good article

This is a good article to read on how to shut down ports in Windows. TCP port 139 is covered in the list.
Since you are running Win98, you have no security, and anyone could connect to your system remotely and get your files. Ah, Microsoft....
:::sigh:::
November 19th, 2002, 03:09 AM
Tedob1

loadqm is load quality manager. its another useless thing from ms.

go to start>>programs>>accessories>>system tools>>system infomation

there's a tab on the top named "start" or "Start-up", select it, scroll down to loadqm and just uncheck it. next time you boot up it wont load at start-up
November 19th, 2002, 03:12 AM
kingy_6_1

thanx's Spyder32 i have checked that and its already off its this loadQM that does me in iam sure thats the prob has'nt it got sumfin to do with windows update ?? its just got me beat

And for omalakai i have got security ah sigh,,
November 19th, 2002, 03:21 AM
Ouroboros

W98 DOES leave NetBIOS 139 open by default, and is a chore to close off sometimes...check your "network settings" from the control panel (even if you don't run a network) and, as was suggested, close out the file and print sharing. If you don't see anything suspicious there, try a different firewall. I recommend Agnitum's Outpost (www.agnitum.com). It works well with W98se, and closes all NetBIOS communications automatically.

Ouroboros
December 5th, 2002, 02:46 PM
tatui

Another thing you should do if you are in a LAN is make sure file and printer sharing isnt 'attached' to TCP/IP. Check tcp/ip setup when changing network conf.. If you are a dial-up user, and your computer isnt connected to a LAN, my advice is: go to the network setup window (control panel -> Network) and delete all but the tcp/ip and the dial-up adapter. Much safer, and better yet, faster windows box. Get a firewall, like tiny and you can smile even broader. Or go ahead and have fun with a Debian with Iptables, snort etc.. :D .
December 10th, 2002, 01:54 PM
Penguin

so how do we disable port 139 on win98.. :confused:
December 10th, 2002, 02:11 PM
Tiger Shark

Turn off file and printer sharing in the network settings
December 10th, 2002, 03:00 PM
Zonewalker

you say you have been to GRC... you seem to have missed looking at the 'network bondage' page at that site. Suggest you have a look at it , it's here

http://grc.com/su-bondage.htm

It is much more permanent that simply turning off file/printer sharing and gives some insight into protocol bindings. But I would suggest you read it thouroughly before you attempt it.

hope it helps

Z
December 13th, 2002, 07:25 AM
JockVSJock

This is good info on port 137-139, NETBios, the most attacked port according to Internet Storm Center

I could have swore that there is a Services file under Windows that a person could edit in notepad and turn services off, or comment them out. Is this true?

I'm pretty sure I turned off telnet and ftp this way for my W2K box. Nmap scan did not find anything listening on those ports
December 13th, 2002, 02:27 PM
Tiger Shark

Er.... It's pretty easy to turn off FTP and Telnet on a Win2k box anyway. Telnet doesn't come loaded as default so unless you install it - it won't be there and if you go into IIS admin you simply have to Stop the FTP service and voila..... all gone. Of course, if you aren't running a web server then uninstall all of IIS and you are solid... Well, at least from those ports point of view....<s>
December 13th, 2002, 08:56 PM
n01100110

Yes I would definetely recommend that you turn off ALL forms of remote file sharing on your system.But anyways here is a site if your looking for screenshots and you find yourself a little clueless on the task at hand.http://site.lisco.com/support/wirele...8fileshare.htm