Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DISABLING NetBIOS over TCP/IP (NetBT) [Ports 137 138]

Posted on 2004-04-03
3
Medium Priority
?
677 Views
Last Modified: 2013-12-19
I'm using Windows 2000 (SP5), and connected to the
Internet via an ADSL service ('ADSL' VPN dialer was
built via MS 'Add New Connection' wizard).
(ADSL Modem is stand alone Alcatel STHome)
 
I have tried the following methods (listed below) -
in order to close Ports 137 138 139, and yet each time a connection is established via 'ADSL' DIALER! - they  keep re-open again! and stay open until 'ADSL' dialer
is disconnected!.

Here are the measured I took to CLOSE these ports:
(a) The following 2 network components were
    completely un-installed !
    _Client for Microsoft Networks  
    _File and Printer Sharing for MS Networks
 
(b) The 'NetBIOS over TCP/IP' option [found
    on 'network adapter' in the 'Network and Dial-up  
    Connection' was disabled (un-checked) for the
    'Local Area Connection' "object"

(c) 'TCP/IP NetBIOS Helper Service' was *DISABLED*

--------------------
Please notice that the 'NetBIOS over TCP/IP' option 'dialog' (that appeared on 'network adapter' in the 'Network and Dial-up, was *NOT* available for the 'ADSL' dialer properties! -> thus, disabling the 'NetBIOS over TCP/IP' for the 'ADSL' dialer was not possible!

What is even stranger is that ipconfig /all shows that
'NetBIOS over TCP/IP' is closed (see below) whereas
Netstat -an show that these ports are clearly open (see blow)

I suspect it has something to do with the 'ADSL' dialer
(built via MS 'Add New Connection' wizard) - because
these ports are closed -> until 'ADSL' dialer is used
and establishes a VPN connection, the moment that happens - they re-apear.

Can you PLEASE help me SHUT DOWN those 3 annoying NetBT ports please ?

------------------------------------------------------
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : Yellow
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : D-Link DFE-538TX 10/100 Ada
Physical Address. . . . . . . . . : 00-40-AH-D2-98-F4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.200.1.1
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter ADSL:
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : WAN (PPP/SLIP)Interface
Physical Address. . . . . . . . . : 00-40-AH-D2-98-F4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 212.120.124.52
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 61.164.78.11
DNS Servers . . . . . . . . . . . : 210.140.15.196
                                    204.125.66.142
-----------------------------------------------------

C:\Documents and Settings\Administrator>netstat -an

Active Connections
Proto  Local Address     Foreign Address   State
TCP    0.0.0.0:1025      0.0.0.0:0         LISTENING
TCP    0.0.0.0:1030      0.0.0.0:0         LISTENING
TCP    0.0.0.0:1723      0.0.0.0:0         LISTENING
TCP    10.200.1.1:1030   10.0.0.138:1723   ESTABLISHED
TCP    61.164.78.11:139  0.0.0.0:0         LISTENING
UDP    61.164.78.11:137      *:*
UDP    61.164.78.11:138      *:*
UDP    127.0.0.1:1029        *:*
UDP    127.0.0.1:1041        *:*
UDP    127.0.0.1:1294        *:*

------------------------------------------------------

Many Thanks!
David
 
0
Comment
Question by:dmagicbyte
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 67

Accepted Solution

by:
sirbounty earned 520 total points
ID: 10747384
See here:
http://support.microsoft.com/?kbid=128233

I think the ports that you reference are actually from the File & Printer sharing service...

>>These listening connections are initiated by default whenever you have
Windows file and printer sharing installed and running. They are all a part
of the NETBIOS protocol which is used to support file and printer sharing.


They listen prior to you connecting to the ADSL, because they are set as
listening immediately when you enter Windows.
Port 137 is Netbios NAME, 138 is Netbios DATAGRAM, and 139 is Netbios
SESSION, and none of them are anything to be worried about (Except, read
below)


Netbios is mostly used for local area networks and works independent to your
ADSL (Though netbios can work over wide area networks as well).
If you are not using file or printer sharing on your computer, then it is
safe AND wise to turn off this service. Misconfigured file and printer
sharing can allow anyone over the internet to access files, and do almost
anything you can do to them if you have any folders on your computer shared,
and many of the recent worms have done just that.


<<ref: http://seclists.org/lists/security-basics/2002/Oct/0121.html

There's also good description of each port's usage here:
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/cnfc/cnfc_por_simw.asp

Hope that helps
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question