Solved

DISABLING NetBIOS over TCP/IP (NetBT) [Ports 137 138]

Posted on 2004-04-03
3
642 Views
Last Modified: 2013-12-19
I'm using Windows 2000 (SP5), and connected to the
Internet via an ADSL service ('ADSL' VPN dialer was
built via MS 'Add New Connection' wizard).
(ADSL Modem is stand alone Alcatel STHome)
 
I have tried the following methods (listed below) -
in order to close Ports 137 138 139, and yet each time a connection is established via 'ADSL' DIALER! - they  keep re-open again! and stay open until 'ADSL' dialer
is disconnected!.

Here are the measured I took to CLOSE these ports:
(a) The following 2 network components were
    completely un-installed !
    _Client for Microsoft Networks  
    _File and Printer Sharing for MS Networks
 
(b) The 'NetBIOS over TCP/IP' option [found
    on 'network adapter' in the 'Network and Dial-up  
    Connection' was disabled (un-checked) for the
    'Local Area Connection' "object"

(c) 'TCP/IP NetBIOS Helper Service' was *DISABLED*

--------------------
Please notice that the 'NetBIOS over TCP/IP' option 'dialog' (that appeared on 'network adapter' in the 'Network and Dial-up, was *NOT* available for the 'ADSL' dialer properties! -> thus, disabling the 'NetBIOS over TCP/IP' for the 'ADSL' dialer was not possible!

What is even stranger is that ipconfig /all shows that
'NetBIOS over TCP/IP' is closed (see below) whereas
Netstat -an show that these ports are clearly open (see blow)

I suspect it has something to do with the 'ADSL' dialer
(built via MS 'Add New Connection' wizard) - because
these ports are closed -> until 'ADSL' dialer is used
and establishes a VPN connection, the moment that happens - they re-apear.

Can you PLEASE help me SHUT DOWN those 3 annoying NetBT ports please ?

------------------------------------------------------
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : Yellow
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : D-Link DFE-538TX 10/100 Ada
Physical Address. . . . . . . . . : 00-40-AH-D2-98-F4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.200.1.1
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter ADSL:
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : WAN (PPP/SLIP)Interface
Physical Address. . . . . . . . . : 00-40-AH-D2-98-F4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 212.120.124.52
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 61.164.78.11
DNS Servers . . . . . . . . . . . : 210.140.15.196
                                    204.125.66.142
-----------------------------------------------------

C:\Documents and Settings\Administrator>netstat -an

Active Connections
Proto  Local Address     Foreign Address   State
TCP    0.0.0.0:1025      0.0.0.0:0         LISTENING
TCP    0.0.0.0:1030      0.0.0.0:0         LISTENING
TCP    0.0.0.0:1723      0.0.0.0:0         LISTENING
TCP    10.200.1.1:1030   10.0.0.138:1723   ESTABLISHED
TCP    61.164.78.11:139  0.0.0.0:0         LISTENING
UDP    61.164.78.11:137      *:*
UDP    61.164.78.11:138      *:*
UDP    127.0.0.1:1029        *:*
UDP    127.0.0.1:1041        *:*
UDP    127.0.0.1:1294        *:*

------------------------------------------------------

Many Thanks!
David
 
0
Comment
Question by:dmagicbyte
3 Comments
 
LVL 67

Accepted Solution

by:
sirbounty earned 130 total points
ID: 10747384
See here:
http://support.microsoft.com/?kbid=128233

I think the ports that you reference are actually from the File & Printer sharing service...

>>These listening connections are initiated by default whenever you have
Windows file and printer sharing installed and running. They are all a part
of the NETBIOS protocol which is used to support file and printer sharing.


They listen prior to you connecting to the ADSL, because they are set as
listening immediately when you enter Windows.
Port 137 is Netbios NAME, 138 is Netbios DATAGRAM, and 139 is Netbios
SESSION, and none of them are anything to be worried about (Except, read
below)


Netbios is mostly used for local area networks and works independent to your
ADSL (Though netbios can work over wide area networks as well).
If you are not using file or printer sharing on your computer, then it is
safe AND wise to turn off this service. Misconfigured file and printer
sharing can allow anyone over the internet to access files, and do almost
anything you can do to them if you have any folders on your computer shared,
and many of the recent worms have done just that.


<<ref: http://seclists.org/lists/security-basics/2002/Oct/0121.html

There's also good description of each port's usage here:
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/cnfc/cnfc_por_simw.asp

Hope that helps
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question