Re: Can disabling NetBT on a NIC prevent firewalls from seing hits on port 137?

From: NeoSadist (neos@dist)
Date: 11/05/02

• Next message: Microsoft Newsgroups: "Re: How to globally change machine local admins"
• Previous message: johnnny_b_good: "Re: IPSEC on two different NIC's"
• In reply to: Vince C.: "Can disabling NetBT on a NIC prevent firewalls from seing hits on port 137?"
• Next in thread: Karl Levinson [x y] mvp: "Re: Can disabling NetBT on a NIC prevent firewalls from seing hits on port 137?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "NeoSadist" <neos@dist>
Date: Mon, 4 Nov 2002 17:32:35 -0700

"Vince C." <none@hotmail.com> wrote in message
news:OobgAWFhCHA.1760@tkmsftngp12...
> Hi all,
>
> I've installed a W2K adv. server with 2 NICs: one conected to my cable
> modem, the second to the LAN. I have disabled NetBIOS over TCP/IP on the
> Internet NIC to reduce security risks. I've installed Kerio Personnal
> Firewall and configure rules so that everything that is denied access is
> logged. I've denied all inbound access to everything but the LAN,
> 192.168.0.x, (which is granted access on all ports). I setup W2K server as
a
> NAT router to hide local IPs.
>
> When I get probed on port 137, I don't see any report or any entry in
> Kerio's log. I'm reported Stealth on port 137 by public probe testers like
> the ones @ grc.com and a couple of others but I don't see any entry in my
> Firewall's log. I can see probes on any other port but port 137.
>
> I've reinstalled my server from scratch, checked for viruses with
PC-Cillin,
> AVG and Norton AV 2002 and none of these reported any infection.
>
> Doing a netstat -a -n shows nothing is llistening on port 137.
>
> Can anybody tell me if it's normal? Does Windows 2000 trap TCP/UDP on port
> 137 *before* Kerio? If so how come does Kerio trap the rest?
>
> Thanks a lot.
>
> --
>
> Vince C.
>
>

It should.

• Next message: Microsoft Newsgroups: "Re: How to globally change machine local admins"
• Previous message: johnnny_b_good: "Re: IPSEC on two different NIC's"
• In reply to: Vince C.: "Can disabling NetBT on a NIC prevent firewalls from seing hits on port 137?"
• Next in thread: Karl Levinson [x y] mvp: "Re: Can disabling NetBT on a NIC prevent firewalls from seing hits on port 137?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Still cant connect to RWW or OWA remotely ... No Phantom NICs as far as I can see. ... that it can not find the server. ... Configure your Router as an Eithernet Bridge. ... Once you have this then configure the Routers Firewall and Port ... (microsoft.public.windows.server.sbs) Re: Still cant connect to RWW or OWA remotely ... No Phantom NICs as far as I can see. ... that it can not find the server. ... Configure your Router as an Eithernet Bridge. ... Once you have this then configure the Routers Firewall and Port ... (microsoft.public.windows.server.sbs) Re: ISA 2004 setup fails on brand new SBS 2003 Premium installatio ... It will assist you in changing the SBS LAN NIC IP. ... How to configure Internet access in Windows Small Business Server 2003 ... how to use CEICW (Confgiure Email and Internet Connection Wizard) ... Nics in server attached to LAN switch in the 192.168.0.1-255 range ... (microsoft.public.windows.server.sbs) Re: Win2K RRAS/VPN Help ... having two NICs in the same IP subnet is a bad idea (especially ... Your server will still ... machines are using the Linksys as their default gateway they can all plug ... LAN clients would use the server's LAN NIC as their default gateway, ... (microsoft.public.win2000.ras_routing) Re: Can only connect to local RWW, over internet cannot ... This if from my working LAN. ... I am testing this tool from my own lan and says 4125 port is closed, ... It has a hardware sonicwall firewall. ... move to the server. ... (microsoft.public.windows.server.sbs)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint