What are the open ports in my computer referring to and what should I do

I downloaded an app called Fing on my iPhone.  That app does Ping, Speed Test, Trace and finds open ports.  I ran "find open ports" to see my desktop and it gave 3 open ports; the results can be seen in the attached image.

Question, the 3 open ports found open on my desktop 135, 139, 445,
- what exactly is open?
- Should they be closed?
- What is your recommendation?
jana Asked:

John Business Consultant (Owner) Commented:
Look here:  https://www.grc.com/port_135.htm  for ports 135 and 139.  
Look here:  https://www.grc.com/port_445.htm for port 445.

You need to have a router where you can block these ports with Firewall settings if you wish to block them from the Internet.

This is how you deal with ports you are concerned about.

John Business Consultant (Owner) Commented:
You can also use Windows Firewall to block ports you do not wish to expose.  I normally just use the router as changes there affect all connected computers.
Giovanni Heward Commented:
FING operates on your local LAN and has access to all your local devices, unlike Internet-based hosts.  Your local devices are most likely protected from Internet-based hosts by NAT on your firewall or router.  In other words, it's unlikely you have publicly accessible ports exposed to the Internet.  If you have multiple Windows machines, those ports are required for file sharing and other communications between the machines.  Either way, if you're concerned about the open ports (which just means a service is listening on those ports) you can block them with Windows Firewall, as already mentioned.  To be sure if you're publicly exposed, you need to run a port scan on your public IP address, from another host on the Internet, not your local network.  I believe FING can do this, but you must specify your public IP, not your private. If you don't know your public IP, visit a website which reveals it, such as https://www.whatismyip.com
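Added example, not part of the original thread: on the Windows machine itself, `netstat -ano` shows which process is listening on each port and on which address, which is what an "open port" means here. The sketch below parses a constructed sample of that output and reports only the ports discussed in this thread; the sample lines, PIDs, addresses and function names are assumptions made for illustration.

```python
import re

# Ports discussed in this thread, labelled with the service names given there.
THREAD_PORTS = {
    25: "SMTP",
    135: "RPC endpoint mapper (epmap)",
    139: "NetBIOS session service",
    445: "SMB (microsoft-ds)",
    3389: "Remote Desktop (RDP)",
}

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:25           0.0.0.0:0              LISTENING       2210
  TCP    192.168.1.20:52311     203.0.113.10:443       ESTABLISHED     7788
  TCP    [::]:3389              [::]:0                 LISTENING       1320
  UDP    0.0.0.0:137            *:*                                    4
"""

# Only TCP rows in LISTENING state: local address, local port, owning PID.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def scope(addr):
    """Say how widely a listening socket is bound."""
    if addr in ("0.0.0.0", "[::]"):
        return "all interfaces"      # reachable from the LAN unless firewalled
    if addr.startswith("127.") or addr == "[::1]":
        return "loopback only"       # not reachable from other machines
    return "one interface"

def listening_thread_ports(netstat_text):
    """Return (port, service, bind scope, pid) for listening thread ports."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                 # header, UDP rows, established sessions
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        if port in THREAD_PORTS:
            findings.append((port, THREAD_PORTS[port], scope(addr), pid))
    return sorted(findings)

if __name__ == "__main__":
    for port, service, where, pid in listening_thread_ports(SAMPLE_NETSTAT):
        print(f"{port:>5}  {service:<28} {where:<15} PID {pid}")
```

To use it on a real machine, save the output of `netstat -ano` to a file and pass its contents to `listening_thread_ports` in place of the sample.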
David Favor Linux/LXD/WordPress/Hosting Savant Commented:
These ports normally refer to the following services...

net14 # egrep "\s+(135|139|445)/" /etc/services 
loc-srv		135/tcp		epmap		# Location Service
loc-srv		135/udp		epmap
netbios-ssn	139/tcp				# NETBIOS session service
netbios-ssn	139/udp
microsoft-ds	445/tcp				# Microsoft Naked CIFS
microsoft-ds	445/udp

Likely they can all be closed + best to research each to ensure you have no software running which requires any of these ports to remain open.
btan Exec Consultant Commented:
Unless you need to host file shares, the ports should be closed. Ransomware like the past WannaCry uses it to spread as well as encrypt all network shares.

While encrypting the victim’s files, it also scans all the visible IPC$ and SMB file shares. It uses the Microsoft MS17-010 SMB vulnerability to gain access to the systems on these shares, and infects those systems, as well. It is this behavior that has enabled WannaCry to quickly infect whole networks in minutes.

Firewall: Block ports 135-139 plus 445 in and out. These are used by hackers to steal your info and take control of your PC and, after doing so, will use NetBIOS to then use your computer to take over another, etc. Ports 137-139 are for Windows Printer and File Sharing but also create a security risk if unblocked. But if you share a printer on your network you will have to allow this one, but I recommend you just go to the PC the printer is hooked up to and use it. Port 135 is for RPC service on a remote machine. Where possible, you can also disable SMB (Server Message Block) port 445.
jana Author Commented:
Thank you for the info.

Giovanni, from another host on the Internet, not in my local network, I did run FING against the computer's Internet public IP and it returned open port 25 (SMTP, Simple Mail Transfer) - the other 3 ports did not appear. Is that OK?
John Business Consultant (Owner) Commented:
Yes that should be fine
madunix IT Specialist Commented:
Open ports may present an attacker a vector to target a host with. A vulnerability in Server Message Block (SMB) could allow Remote Code Execution (RCE). Restrict sharing to only advanced or privileged users.
https://support.microsoft.com/en-in/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and
jana Author Commented:
Understood.

To finalize, I ran FING from another computer from outside the LAN using the Internet public IP of my computer with the “open ports”.  The result: ports 135, 139, 445 were not displayed.  The only open port displayed as a result is port 25 (SMTP, Simple Mail Transfer).

To summarize:
When I ran FING within the LAN and found the 3 ports open, this was in a local office LAN.  Yet checking open ports from outside the LAN, all 3 seem inaccessible; only port 25 is displayed.

Question:
  • My computer shares drives and I connect to it via Remote Desktop from my iPad from within the local network, should I still close the 3 ports? And can I still have the share and remote desktop function if closed?

  • Since port 25 was displayed when running FING from outside the network, should I close that port? And will it affect the emails of my computer? (since it displayed ‘port 25 (SMTP, Simple Mail Transfer)’).
John Business Consultant (Owner) Commented:
RDP uses Port 3389 (not one of the above).

Email - you need to check your Exchange setup to see if Port 25 is needed. It might be.

On the other ports, read through the links I left you because these ports are sometimes used.

There is a LOT more to security than 4 open ports, so research carefully.
btan Exec Consultant Commented:
You should ask if the ports are necessary services that are required, regardless of internal or external. There is always an internal threat even behind the firewall, or high wall so to speak. If they are not needed then disable them by default. Otherwise use the latest version, SMBv3 for example, if file shares are required. Monitoring for anomalies within the internal network is important.

Unless you’re specifically managing a mail server, you should have no traffic traversing this port 25 on your computer or server.

By leaving port 25 unmonitored and open, web hosting providers are at risk of enabling spammers within their network to run wild with huge volumes of spam traffic.

To side track, some web hosting providers block port 25 as a way of stopping the outflow of spam; selectively unblocking the port for customers who make a special request for access and who can prove they are not a spammer.

A comprehensive outbound email filtering system that examines outgoing email to identify web hosting accounts which are spamming is the best way to fight spam in a web hosting network. A good filtering system should be robust against spammer adaptation, and sufficiently accurate that legitimate email is not incorrectly classified and blocked.
jana Author Commented:
Thank you all!
John Business Consultant (Owner) Commented:
You are very welcome and I was happy to help you.
jana Author Commented:
Question, am I awarding correctly? (I was told that there is a point system but I haven’t seen any here when closing a question)
John Business Consultant (Owner) Commented:
I think you did it properly. Thank you.