Re: Blocking NetBios

• Previous message: Jimmy Brokaw: "192.168.x.x oddities"
• Maybe in reply to: Kareem Mahgoub: "Blocking NetBios"
• Next in thread: Ansgar -59cobalt- Wiechers: "Re: Blocking NetBios"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 15 Jun 2004 13:58:42 +0200
To: security-basics@securityfocus.com

On 2004-06-12 kitty@cert.org.cn wrote:
> How can I know if NetBios of my system is available or not ?

You know it, if a port scan from a remote system reveals that ports
137-139 are open.

> Whether typing command "netstat -an" to see if the port 139 is open
> or not?

That may or may not be sufficient. Use a portscan to know for sure.

> Then what are the port 135, 137,138, 445 used for? After disable the
> TCP/IP--> Win--> over TCP/ip NetBios , only 139 is disabled. who can
> explain it?

135 -> RPC Endpoint Mapper (needed for NetBIOS and other services)
137 -> NetBIOS Name Service
138 -> NetBIOS Datagram
139 -> NetBIOS Session
445 -> Direct SMB (Windows shares without NetBIOS)

HTH

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

• Previous message: Jimmy Brokaw: "192.168.x.x oddities"
• Maybe in reply to: Kareem Mahgoub: "Blocking NetBios"
• Next in thread: Ansgar -59cobalt- Wiechers: "Re: Blocking NetBios"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]