Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

DISABLING NetBIOS over TCP/IP (NetBT) [Ports 137 138]

Posted on 2004-04-03
3
644 Views
Last Modified: 2013-12-19
I'm using Windows 2000 (SP5), and connected to the
Internet via an ADSL service ('ADSL' VPN dialer was
built via MS 'Add New Connection' wizard).
(ADSL Modem is stand alone Alcatel STHome)
 
I have tried the following methods (listed below) -
in order to close Ports 137 138 139, and yet each time a connection is established via 'ADSL' DIALER! - they  keep re-open again! and stay open until 'ADSL' dialer
is disconnected!.

Here are the measured I took to CLOSE these ports:
(a) The following 2 network components were
    completely un-installed !
    _Client for Microsoft Networks  
    _File and Printer Sharing for MS Networks
 
(b) The 'NetBIOS over TCP/IP' option [found
    on 'network adapter' in the 'Network and Dial-up  
    Connection' was disabled (un-checked) for the
    'Local Area Connection' "object"

(c) 'TCP/IP NetBIOS Helper Service' was *DISABLED*

--------------------
Please notice that the 'NetBIOS over TCP/IP' option 'dialog' (that appeared on 'network adapter' in the 'Network and Dial-up, was *NOT* available for the 'ADSL' dialer properties! -> thus, disabling the 'NetBIOS over TCP/IP' for the 'ADSL' dialer was not possible!

What is even stranger is that ipconfig /all shows that
'NetBIOS over TCP/IP' is closed (see below) whereas
Netstat -an show that these ports are clearly open (see blow)

I suspect it has something to do with the 'ADSL' dialer
(built via MS 'Add New Connection' wizard) - because
these ports are closed -> until 'ADSL' dialer is used
and establishes a VPN connection, the moment that happens - they re-apear.

Can you PLEASE help me SHUT DOWN those 3 annoying NetBT ports please ?

------------------------------------------------------
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : Yellow
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : D-Link DFE-538TX 10/100 Ada
Physical Address. . . . . . . . . : 00-40-AH-D2-98-F4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.200.1.1
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter ADSL:
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : WAN (PPP/SLIP)Interface
Physical Address. . . . . . . . . : 00-40-AH-D2-98-F4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 212.120.124.52
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 61.164.78.11
DNS Servers . . . . . . . . . . . : 210.140.15.196
                                    204.125.66.142
-----------------------------------------------------

C:\Documents and Settings\Administrator>netstat -an

Active Connections
Proto  Local Address     Foreign Address   State
TCP    0.0.0.0:1025      0.0.0.0:0         LISTENING
TCP    0.0.0.0:1030      0.0.0.0:0         LISTENING
TCP    0.0.0.0:1723      0.0.0.0:0         LISTENING
TCP    10.200.1.1:1030   10.0.0.138:1723   ESTABLISHED
TCP    61.164.78.11:139  0.0.0.0:0         LISTENING
UDP    61.164.78.11:137      *:*
UDP    61.164.78.11:138      *:*
UDP    127.0.0.1:1029        *:*
UDP    127.0.0.1:1041        *:*
UDP    127.0.0.1:1294        *:*

------------------------------------------------------

Many Thanks!
David
 
0
Comment
Question by:dmagicbyte
3 Comments
 
LVL 67

Accepted Solution

by:
sirbounty earned 130 total points
ID: 10747384
See here:
http://support.microsoft.com/?kbid=128233

I think the ports that you reference are actually from the File & Printer sharing service...

>>These listening connections are initiated by default whenever you have
Windows file and printer sharing installed and running. They are all a part
of the NETBIOS protocol which is used to support file and printer sharing.


They listen prior to you connecting to the ADSL, because they are set as
listening immediately when you enter Windows.
Port 137 is Netbios NAME, 138 is Netbios DATAGRAM, and 139 is Netbios
SESSION, and none of them are anything to be worried about (Except, read
below)


Netbios is mostly used for local area networks and works independent to your
ADSL (Though netbios can work over wide area networks as well).
If you are not using file or printer sharing on your computer, then it is
safe AND wise to turn off this service. Misconfigured file and printer
sharing can allow anyone over the internet to access files, and do almost
anything you can do to them if you have any folders on your computer shared,
and many of the recent worms have done just that.


<<ref: http://seclists.org/lists/security-basics/2002/Oct/0121.html

There's also good description of each port's usage here:
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/cnfc/cnfc_por_simw.asp

Hope that helps
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question