What are the open ports in my computer referring to and what should I do

jana
jana used Ask the Experts™
on
I downloaded an apps called Fing in my iPhone.  That apps Pings, Speed Test, Trace and finds open ports.  I ran "find open ports" to see my Desktop and gave 3 ports open results can be seen in the attached image.

Question, the 3 open ports found open on my desktop 135, 139, 445,
- what exactly is open?
- Should they be closed?
- What is you recommendation.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
Look here:  https://www.grc.com/port_135.htm  for ports 135 and 139.  
Look here:  https://www.grc.com/port_445.htm for port 445.

You need to have a router where you can block these ports with Firewall settings if you wish to block them from the Internet.

This is how you deal with ports you are concerned about.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
You can also use Windows Firewall to block ports you do not wish to expose.  I normally just use the router as changes there affect all connected computers.
FING operates on your local LAN and has access to all your local devices, unlike Internet based hosts.  Your local devices are most likely protected from Internet based hosts by NAT on your firewall or router.  In other words, it's unlikely you have publicly accessible ports exposed to the Internet.  If you have multiple Windows machines, those ports are required for file sharing and other communications between the machines.  Either way, if you're concerned about the open ports (which just means a service is listening on those ports) you can block them with Windows Firewall, as already mentioned.  To be sure if your publicly exposed, you need to run a port scan on your public IP address, from another host on the Internet, not your local network.  I believe FING can do this, but you must specify your public IP not your private. If you don't know your public IP, visit a website which reveals it, such as https://www.whatismyip.com
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

David FavorFractional CTO
Distinguished Expert 2018

Commented:
These ports normally refer to the following services...

net14 # egrep "\s+(135|139|445)/" /etc/services 
loc-srv		135/tcp		epmap		# Location Service
loc-srv		135/udp		epmap
netbios-ssn	139/tcp				# NETBIOS session service
netbios-ssn	139/udp
microsoft-ds	445/tcp				# Microsoft Naked CIFS
microsoft-ds	445/udp

Open in new window


Likely they can all be closed + best to research each to ensure you have no software running which requires any of these port to remain open.
btanExec Consultant
Distinguished Expert 2018

Commented:
Unless you need to host file shares, the ports should be closed. Ransomware like the past wannacry uses it to spread as well encrypted all network shares.

While encrypting the victim’s files, it also scans all the visible IPC$ and SMB file shares. It uses the Microsoft MS17-010 SMB vulnerability to gain access to the systems on these shares, and infects those systems, as well. It is this behavior that has enabled WannaCry to quickly infect whole networks in minutes.

Firewall: Block ports 135-139 plus 445 in and out. These are used by hackers to steal your info and take control of your pc and after doing so will use NetBIOS to then use your computer to take over another, etc, etc.. Port 137-139 is for Windows Printer and File Sharing but also creates a security risk if unblocked. But if you share a printer on your network you will have to allow this one but I recommend just go to the pc the printer is hooked up to and use. Port 135 is for RPC service on a remote machine. Where possible, you can also disable SMB (server message block) port 445.

Author

Commented:
Thank you for the info.

Giovanni, from another host on the Internet, bit in my local network, did run FING against the computers internet public IP and it return open port 25 (Smpt Simple Mail Transfer) - the other 3 ports did not appear. Is that ok?
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Yes that should be fine

Commented:
Open ports may present an attacker a vector to target a host with. A vulnerability in Server Message Block (SMB) could allow Remote Code Execution (RCE). Restrict sharing to only advanced or privileged users.
https://support.microsoft.com/en-in/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and

Author

Commented:
Understood.

To finalize, I ran FING from another computer from outside the LAN using the internet public IP of my computer with the “open ports”.  The result: ports 135, 139, 445 were not displayed.  Only open displayed as result is port 25 (Smpt Simple Mail Transfer).

To summarize:
When I ran FING within the LAN and found the 3 ports open, this was in a local office LAN.  Yet checking ports open from outside the LAN, all 3 seems inaccessible, only port 25 displayed.

Question:
  • My computer shares drives and I connect to it via Remote Desktop from my iPad from within the local network, should I still close the 3 ports? And can I still have the share and remote desktop function if closed?

  • Since from port 25 was displayed when running FING from outside the network, should I close that port? And will it affect the emails of my computer? (since it displayed ‘port 25 (Smpt Simple Mail Transfer)’.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
RDP uses Port 3389 (not one of the above).

Email - you need to check your Exchange setup to see if Port 25 is need. It might be.

On the other ports, read through the links I left you because these ports are sometimes used.

There is a LOT more to security than 4 open ports, so research carefully.
btanExec Consultant
Distinguished Expert 2018
Commented:
You should ask if the port are necessary services required regardless internal or external. There is always an internal threat even behind the firewall or high wall to speak. If they are not needed then disable it as default. Otherwise use a latest version SMBv3 for example if file shares are required. Monitoring for anomalies within internal network is important.

Unless you’re specifically managing a mail server, you should have no traffic traversing this port 25 on your computer or server.

By leaving port 25 unmonitored and open, web hosting providers are at risk of enabling spammers within their network to run wild with huge volumes of spam traffic.

To side track, some web hosting providers block port 25 as a way of stopping the outflow of spam; selectively unblocking the port for customers who make a special request for access and who can prove they are not a spammer.

A comprehensive outbound email filtering system that examines outgoing email to identify web hosting accounts which are spamming is the best way to fight spam in a web hosting network. A good filtering system should be robust against spammer adaptation, and sufficiently accurate that legitimate email is not incorrectly classified and blocked.

Author

Commented:
Thank you all!
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
You are very welcome and I was happy to help you.

Author

Commented:
Question, am I awarding correctly? (I was told that there a point system but I haven’t seen any here when closing a question)
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
I think you did it properly. Thank you

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial