Netbios questions...

Can someone explain a few things about Netbios for me? I'm running a Win2k machine here, no router, connected to the internet via a cable modem. The usual software firewalls. I was playing around today and am confused about a few things now.

I unloaded the software firewall (disabled it) and went to scan.sygate.com and did some scans. First, I did a TCP scan, and it showed that my ISP is blocking ports 135, 137-139 and so on. When I do a UDP scan, it says that my ports 137-139 are OPEN.

Question: Why would my ISP block TCP Netbios, but not UDP Netbios? Isn't Netbios UDP anyway?

Another question: If I ran without any firewall under the above conditions, would people then be able to see what's on my hard drive via UDP Netbios? Or is a TCP connection needed for this? Am I in danger with UDP Netbios ports open but TCP Netbios ports blocked?

I also went into Windows network places config and disabled Netbios completely and unchecked the other networking boxes. Just left TCP/IP intact. So Netbios should be disabled. However, when I do a UDP scan at Sygate, it still shows my 137-139 ports OPEN. What and why is this???

I'd appreciate any answers/comments to these questions. They probably show my ignorance, but I'm curious. Don't have much experience with Netbios or networks... Thanks to any and all...

Reply to
Kerodo
Loading thread data ...

This might be of some help to you - start at , which is page 2, and work your way to page 5, paying especially close attention to pages 4 and 5. I think you'll find your explanations/answers there, with some suggestions/directions on changes you can make.

Reply to
dak

Ok, I'll check it out. Thanks to all who responded...

Reply to
Kerodo

TCP port 139 and UDP ports 137-138 are used for Microsoft NetBIOS

TCP port 139 is used to connect to a mapped/shared drive or directory on a Windows PC.

UDP port 137-138 is used to enumerate a Windows PC.

For reference TCP/UDP port 135 is used for Microsoft RPC.

Reply to
Don Kelloway

First, make sure that they are really open. Use "netstat -a" or TCPView or something similar to check the condition. Did you reboot the system after you made the changes? I think you have to reboot to make sure the changes have been made.

To disable services listening to ports 137-139: (I write everything as I am not sure what you did exactly. I have to translate from my German Windows XP so I my not always have the correct wording of the buttons etc. As far as I know, all those steps should work for W2K, too.)

- disable NetBIOS over TCP/IP in the WINS tab of the extended TCP/IP Options (Properties of the network connection, select "Internet Protocol (TCP/IP)", "Properites...", "Extended...", "WINS" tab, deactive NetBIOS over TCP/IP.

- for the network connection deactivate all components except the internet protocol. (Properties of the network connection)

- in the Explorer window of your network and dialup connections (network places config) select the menu "Extended" and there the "Extended Settings".

- choose the tab for network cards and bindings. Remove the bindings for all components. (uncheck everything).

This should close ports 137,138,139 and 445.

You can have a look at

formatting link
is in German but the pictures should give you an indication what it looks like and what I meant. (I hope ;-)

Gerald

Reply to
Gerald Vogt

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.