Security Basics mailing list archives
Re: Listener on ports 137, 138, 139
From: "Matt" <matts2424 () socket net>
Date: Wed, 16 Oct 2002 14:42:57 -0500
Hello! What you are describing is not a virus or backdoor. These listening connections are initiated by default whenever you have Windows file and printer sharing installed and running. They are all a part of the NETBIOS protocol which is used to support file and printer sharing. They listen prior to you connecting to the ADSL, because they are set as listening immediately when you enter Windows. Port 137 is Netbios NAME, 138 is Netbios DATAGRAM, and 139 is Netbios SESSION, and none of them are anything to be worried about (Except, read below) Netbios is mostly used for local area networks and works independent to your ADSL (Though netbios can work over wide area networks as well). If you are not using file or printer sharing on your computer, then it is safe AND wise to turn off this service. Misconfigured file and printer sharing can allow anyone over the internet to access files, and do almost anything you can do to them if you have any folders on your computer shared, and many of the recent worms have done just that. Here is a helpful website on turning it off if you wish to. http://help.twspeed.com/security/pfsharingwindows.asp Hope this helps. -Matt ----- Original Message ----- From: "Rune Berntzen" <rbern8 () online no> To: "Security Basics" <security-basics () securityfocus com> Sent: Tuesday, October 15, 2002 12:27 PM Subject: Listener on ports 137, 138, 139
Hi all, When checking port activity using TCPView I notice that I have a = listener on ports 137,138 and 139. The Local Address seems to be from a Class B network, 169.254.0.0, = which I trace to something called=20 BLACKHOLE-1.IANA.ORG using SmartWhois. The funny thing is that the LISTENING entries are visible in TCPView = even before I connect to my ADSL provider. Anybody has an idea about what this can be. BTW, I am running Norton Internet Security 2001 with updatet virus = definitions. Thanks in advance, Rune
Current thread:
- Listener on ports 137, 138, 139 Rune Berntzen (Oct 16)
- RE: Listener on ports 137, 138, 139 David (Oct 17)
- RE: Listener on ports 137, 138, 139 Gary Axten (Oct 17)
- Re: Listener on ports 137, 138, 139 Matt (Oct 17)
- Re: Listener on ports 137, 138, 139 Not something to worry about ?? Marc R. Braun (Oct 21)
- Re: Listener on ports 137, 138, 139 Scott Fendley (Oct 17)
- Re: Listener on ports 137, 138, 139 Rune Berntzen (Oct 17)
- Re: Listener on ports 137, 138, 139 David Corking (Oct 17)
- Re: Listener on ports 137, 138, 139 Devdas Bhagat (Oct 17)
- <Possible follow-ups>
- RE: Listener on ports 137, 138, 139 Matt Schaelling (Oct 17)
- RE: Listener on ports 137, 138, 139 Bruyere, Michel (Oct 17)