Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Blocking NetBios

From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Tue, 15 Jun 2004 13:58:42 +0200
On 2004-06-12 kitty () cert org cn wrote:

How can I know if NetBios of my system  is available or not ?


You know it, if a port scan from a remote system reveals that ports
137-139 are open.


Whether typing  command "netstat -an"  to see if the port 139 is open
or not?


That may or may not be sufficient. Use a portscan to know for sure.


Then what are the port 135, 137,138, 445 used for?  After disable the
TCP/IP--> Win--> over TCP/ip NetBios ,  only 139  is disabled. who can
explain it?


135 -> RPC Endpoint Mapper (needed for NetBIOS and other services)
137 -> NetBIOS Name Service
138 -> NetBIOS Datagram
139 -> NetBIOS Session
445 -> Direct SMB (Windows shares without NetBIOS)

HTH

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: