Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 681
  • Last Modified:

DISABLING NetBIOS over TCP/IP (NetBT) [Ports 137 138]

I'm using Windows 2000 (SP5), and connected to the
Internet via an ADSL service ('ADSL' VPN dialer was
built via MS 'Add New Connection' wizard).
(ADSL Modem is stand alone Alcatel STHome)
 
I have tried the following methods (listed below) -
in order to close Ports 137 138 139, and yet each time a connection is established via 'ADSL' DIALER! - they  keep re-open again! and stay open until 'ADSL' dialer
is disconnected!.

Here are the measured I took to CLOSE these ports:
(a) The following 2 network components were
    completely un-installed !
    _Client for Microsoft Networks  
    _File and Printer Sharing for MS Networks
 
(b) The 'NetBIOS over TCP/IP' option [found
    on 'network adapter' in the 'Network and Dial-up  
    Connection' was disabled (un-checked) for the
    'Local Area Connection' "object"

(c) 'TCP/IP NetBIOS Helper Service' was *DISABLED*

--------------------
Please notice that the 'NetBIOS over TCP/IP' option 'dialog' (that appeared on 'network adapter' in the 'Network and Dial-up, was *NOT* available for the 'ADSL' dialer properties! -> thus, disabling the 'NetBIOS over TCP/IP' for the 'ADSL' dialer was not possible!

What is even stranger is that ipconfig /all shows that
'NetBIOS over TCP/IP' is closed (see below) whereas
Netstat -an show that these ports are clearly open (see blow)

I suspect it has something to do with the 'ADSL' dialer
(built via MS 'Add New Connection' wizard) - because
these ports are closed -> until 'ADSL' dialer is used
and establishes a VPN connection, the moment that happens - they re-apear.

Can you PLEASE help me SHUT DOWN those 3 annoying NetBT ports please ?

------------------------------------------------------
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : Yellow
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : D-Link DFE-538TX 10/100 Ada
Physical Address. . . . . . . . . : 00-40-AH-D2-98-F4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.200.1.1
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter ADSL:
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : WAN (PPP/SLIP)Interface
Physical Address. . . . . . . . . : 00-40-AH-D2-98-F4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 212.120.124.52
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 61.164.78.11
DNS Servers . . . . . . . . . . . : 210.140.15.196
                                    204.125.66.142
-----------------------------------------------------

C:\Documents and Settings\Administrator>netstat -an

Active Connections
Proto  Local Address     Foreign Address   State
TCP    0.0.0.0:1025      0.0.0.0:0         LISTENING
TCP    0.0.0.0:1030      0.0.0.0:0         LISTENING
TCP    0.0.0.0:1723      0.0.0.0:0         LISTENING
TCP    10.200.1.1:1030   10.0.0.138:1723   ESTABLISHED
TCP    61.164.78.11:139  0.0.0.0:0         LISTENING
UDP    61.164.78.11:137      *:*
UDP    61.164.78.11:138      *:*
UDP    127.0.0.1:1029        *:*
UDP    127.0.0.1:1041        *:*
UDP    127.0.0.1:1294        *:*

------------------------------------------------------

Many Thanks!
David
 
0
dmagicbyte
Asked:
dmagicbyte
1 Solution
 
sirbountyCommented:
See here:
http://support.microsoft.com/?kbid=128233

I think the ports that you reference are actually from the File & Printer sharing service...

>>These listening connections are initiated by default whenever you have
Windows file and printer sharing installed and running. They are all a part
of the NETBIOS protocol which is used to support file and printer sharing.


They listen prior to you connecting to the ADSL, because they are set as
listening immediately when you enter Windows.
Port 137 is Netbios NAME, 138 is Netbios DATAGRAM, and 139 is Netbios
SESSION, and none of them are anything to be worried about (Except, read
below)


Netbios is mostly used for local area networks and works independent to your
ADSL (Though netbios can work over wide area networks as well).
If you are not using file or printer sharing on your computer, then it is
safe AND wise to turn off this service. Misconfigured file and printer
sharing can allow anyone over the internet to access files, and do almost
anything you can do to them if you have any folders on your computer shared,
and many of the recent worms have done just that.


<<ref: http://seclists.org/lists/security-basics/2002/Oct/0121.html

There's also good description of each port's usage here:
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/cnfc/cnfc_por_simw.asp

Hope that helps
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Tackle projects and never again get stuck behind a technical roadblock.
Join Now