What should we do to block port 139 from allowing connections?

Consider removing this PFW.

?_m=knowledgebase&_a=viewarticle&kbarticleid=10

Read through: Deconstructing Common Security Myths.

down to: "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."

Exploring the windows Firewall.

"Outbound protection is security theater¡Xit¡¦s a gimmick that only gives the impression of improving your security without doing anything that actually does improve your security."

For the average homeuser, the Windows Firewall in XP does a fantastic job at its core mission and is really all you need if you have an 'real-time' anti-virus program, [another firewall on your router or] other edge protection like SeconfigXP and practise Safe-Hex. The windows firewall deals with inbound protection and therefore does not give you a false sense of security. Best of all, it doesn't implement lots of nonsense like pretending that outbound traffic needs to be monitored.

Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs and Services under the Exception tab.

Windows XP: How to turn on your firewall.

Read through: Understanding Windows Firewall. Using Windows Firewall.

Seconfig XP 1.0

XP is able configure Windows not to use TCP/IP as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139 and 445 (the most exploited Windows networking weak point) closed. OR Configuring NT-services much more secure. Routinely practice Safe-Hex. Click on 'Click Here to Get Infected' Ad Good luck :)

On Thu, 8 Jan 2009 22:48:30 -0800, "J. Bouziane" wrote in :

1. Turn off File and Printer Sharing. (a) Search "turn off file and printer sharing" in Help and Support. (b) Click on "Enable file and printer sharing using the Network Setup Wizard" (c) Follow the instructions to "Turn off file and printer sharing"
2. Block port 139 in COMODO Firewall (just to be sure) Note: COMODO Firewall is excellent, much better than the Windows XP Firewall, in part because it filters outbound as well as inbound.
3. Consider upgrading to the new COMODO Internet Security, the complete and free security solution (anti-malware, firewall, and host intrusion protection) I use and recommend.

On Fri, 9 Jan 2009 15:26:53 +0700, Kayman wrote in :

Bad advice IMHO -- COMODO Firewall is excellent, much better than the Windows XP Firewall.

Take what Microsoft says about security with a grain of salt -- Microsoft has a terrible security record, and much of what's in that article is self-serving spin.

Most security experts consider outbound filtering, done right, to be an important protection. No matter how careful you are, infections are still quite possible, and outbound filtering can help minimize damage from such infections. The advice in this article is a bit like saying, you won't ever need an antibiotic if you take care not to get infected.

Firewall Challenge, Results and comments

Comodo Internet Security is rated 90%, Level 10+, Very good

Windows Live OneCare is rated 5%, Level 1, Not recommended One of the worst products tested, listed in red [Windows Firewall (XP) is not even considered worth testing.]

"So, what does it mean if the product fails even the most basic tests of our challenge? It means that it is unable to do what its vendor claims it can. Such a product can hardly protect you against the mentioned threats."

If you're behind a router, nothing. If you're connecting directly to the internet, read your firewall's documentation and learn how to block ports.

Port 139 is one of hte ports involved in Windows file sharing. Usually on a private network you want that to work. There's no reason to open it up on the internet however.

Statements like that are nonsensical FUD written by sensationalists.

*any* port is dangerous if the user doesn't realise there's a server process sitting behind it.

Only the ones that create public shares on their PCs.

Most decent firewalls block port 139 by default, and you have to ask to open it. Even XP's builtin firewall, which is actually not that bad, does this.

On Fri, 09 Jan 2009 23:51:12 +0000, Mark McIntyre wrote in :

Actually quite bad. See details in my prior post.

Not unless you also share your wireless without security. A router alone will not help you if it's not secure and configured properly.

No, that's a reasonable statement considering that it's often on by default. It's indeed true that any port left open and a process connecting to it is at risk, few others present quite as much of a risk based on common defaults.

No again, what of drive shares? \\\\some.ip.add.ress\\c$ and the like.

Many (I'd argue against "most") do that /now/ but that hasn't always been the case.

On Fri, 9 Jan 2009 19:47:49 -0500, "Bill Kearney" wrote in :

Even with both a router and wireless security there is still file sharing risk if there is more than one computer on the network, because some other computer could get infected (right through firewall or NAT) and then use file sharing as an internal attack vector.

Windows XP Firewall:

• isn't very good.

• is only enabled by default with SP2 (and SP3).

• opens port 139 automatically if you enable File and Printer Sharing.

Making File and Printer Sharing Safer in Windows XP Service Pack 2

When you enable file and printer sharing in Windows, you create an exception in Windows Firewall so that other people can access files on your computer or printers attached to it. If not properly configured, this exception can also give unapproved people access to your shared files and printers.

Good security is even harder than it has to be thanks to all the bad security information on the Internet.

"Outbound protection is security theater¡Xit¡¦s a gimmick that only gives the

That is an interesting statement considering the Vista Firewall has outbound protection. Why have they implemented it if it is worthless?

"Services in Windows Vista can run with a highly restricted token. In essence, each service has its own security identifier (SID), which is unique to that service. This Service SID can be used to restrict access to resources, such as network ports. This is the same functionality we saw earlier when we looked at restricting traffic to users. This means that even though two services may run as NetworkService, they cannot manage each other's processes and the firewall can be configured to allow only one of them to communicate out. If the one that is blocked is compromised, it cannot hijack the allowed service and use its allowed port to communicate out because the port is restricted by Service SID. This functionality is another one of the very cool security features added to Windows Vista, and the new firewall uses it to actually provide real security value by outbound firewall filtering."

> "Outbound protection is security theater¡Xit¡¦s a gimmick that only gives the

Different operating system! Managing the Windows Vista Firewall

in its entierty, twice, then re-read again :) )

I am glad you said "IMHO"! Anyway, which 3rd party software manufacturer are you representing?

Oh really! Ever considered communicating with the authors? And have you ever checked on their credentials? BTW; what are yours?

Their os's were less secure prior NT WinXP. Be more specific, after all we're talking about a pc and not a mac.

How so? The application we're talking about comes with the purchase of the operating system; It's an integral part of the os.

Oh, really? You mean the so-called 'security experts' writing website ads for 3rd party firewall applications?

A silly statement. Where did you get that idea from? (ZA or Sunbelt websites?)

A pitiful analogy. Comparing a virtual world with the real world is nothing but phantasmagorical.

Well, you're obviously not paying close attention especially to details! Microsoft not ever claimed that their firewall included outbound traffic control. And yet matousec are (repeatedly) testing it for something what is not and was never there in the first place! Based on this fact alone, one could assume that matousec are colluding with the makers of 3rd party firewalls (PFW).

>> "Outbound protection is security theater¡Xit¡¦s a gimmick that only gives the

That link is producing exactly the same page as the one I provided so I have read it. Why is the author so insistent that "outbound blocking" was used just to prevent compromising other systems? I have used it to stop programs from just having access to the internet. This Vista machine I have insists on trying to access the Internet using " Synaptics Pointing Device Driver", "HP Software Update", "HP Quickplay" and some others at monotonous regularity even though I set them for "no auto-updates" and I use the firewall so they are blocked until I can see some necessity for their access. and some others a

On Sat, 10 Jan 2009 19:51:12 +0700, Kayman wrote in :

None.

Are you rude by nature, or do you have to work at it?

We should take your word instead? Hmmm... don't think so.

On Sat, 10 Jan 2009 10:09:06 +0000, LR wrote in :

> "Outbound protection is security theater?Xit??s a gimmick that only gives the

Sadly, it's disabled by default.

On Sat, 10 Jan 2009 18:48:09 +0700, Kayman wrote in :

>> "Outbound protection is security theater?Xit??s a gimmick that only gives the

That's totally ridiculous.

Open your interfaces and unmark "File and Printer sharing..."

This will make sure nobody connect to this port when serviced by OS, but by doing this you have shown no trust in MS, and maybe what you really need is a better OS. You may also have no trust in yourself while open files and printers for sharing, no trust you understand what you're doing, how it should be done.

BTW, I have a hard time believing that port 139 is a common security leak after XP. If this is true, it must be common for ppl to share other folders than "shared folders". Is this really true?

That's a good point. Of course, anyone foolish enough to have an unsecured wireless router is already in the crayons-only bracket.

Quite.

MS stopped doing that when they shipped WinXP. Thats nearly a decade ago now....

My point exactly in re FUD. Admin shares aren't accessible unless you have a password.

>>> "Outbound protection is security theater¡Xit¡¦s a gimmick that only gives the

Mea culpa! I just responded to your post without clicking on the link you had provided.

No, not the author but the makers of 3rd party software firewalls are. You've got to read the entire article more carefully: "There is a very simple fact about outbound filtering that its proponents fail to take into account. The usual argument from the host-based firewall

*vendors* is that if a system is compromised, whether by a worm or by an interactive malicious user, outbound filtering will stop the worm from infecting other systems or will stop the attacker from communicating out.

Jesper said: *"This is not true."*

What is true is that, all else being equal, outbound filtering would have stopped some historical malware. However, if Windows XP had come with outbound filtering, the worms we have seen so far would more than likely have been written to turn it off or else to circumvent it."

Jesper can be contacted...why don't you give it a go?

He's a busy man but will usually respond to reasonable postings. Besides, he sometimes hangs out at microsoft.public.windows.vista.security

It seem your perception of things require fine tuning.

Wasn't it you who brought up f/w testing conducted by masousec? And who is "we"? Which organization do you represent? (Oh, another rude remark).

*You* may not comprehend the context of what is being said but many others will. Have a wonderful day :) EOD

Which assumes there's a password set, or that it's not simply "password". When you ass-u-me...