Re: Too many connection on port 135 and some security questions

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 12/31/03


Date: Wed, 31 Dec 2003 00:25:30 -0700

You likely are not using UPnP.
If you are, and you disable its two services, you will know as
some network connected device will become inaccessible.

Here is what I would suggest that you try for your net config.
In the network interface properties for your external connection
to the world uncheck MS Networking and File and Print, and
then turn on the firewall on that interface.
On the interface for your cross-over, leave the NetBT related
bindings checked so you can share there.
(r-click My Computer, then r-Click the interfaces in right panel)

-- 
Roger
"Fabrizio" <lancill@€mail.it> wrote in message
news:hknIb.28836$_P.1251462@news4.tin.it...
> Hi all, I've Windows XP... using "netstat -n" command I can see too many
> active connections on port 135 from the same range of IP... look at this
> table! My pc was running only the messenger, a web page and listening in the
> lan!
>
> ---------------------------------------------------------------------------
> Proto  Local address              Remote address           State
> TCP    80.117.13.90:135       64.198.2.130:4597      ESTABLISHED
> TCP    80.117.13.90:135       68.248.140.2:3469      ESTABLISHED
> TCP    80.117.13.90:135       80.116.12.173:3561     ESTABLISHED
> TCP    80.117.13.90:135       80.116.69.126:1623     ESTABLISHED
> TCP    80.117.13.90:135       80.116.93.52:4728      ESTABLISHED
> TCP    80.117.13.90:135       80.116.98.2:4721       ESTABLISHED
> TCP    80.117.13.90:135       80.116.101.31:4751     ESTABLISHED
> TCP    80.117.13.90:135       80.116.117.70:4147     ESTABLISHED
> TCP    80.117.13.90:135       80.116.119.137:4479    ESTABLISHED
> TCP    80.117.13.90:135       80.116.138.199:3122    ESTABLISHED
> TCP    80.117.13.90:135       80.116.142.30:1532     ESTABLISHED
> TCP    80.117.13.90:135       80.116.163.77:1546     ESTABLISHED
> TCP    80.117.13.90:135       80.116.171.13:2779     ESTABLISHED
> TCP    80.117.13.90:135       80.116.172.112:3165    ESTABLISHED
> TCP    80.117.13.90:135       80.116.183.71:4441     ESTABLISHED
> TCP    80.117.13.90:135       80.116.201.102:4521    ESTABLISHED
> TCP    80.117.13.90:135       80.116.203.20:4043     ESTABLISHED
> TCP    80.117.13.90:135       80.116.220.204:4126    ESTABLISHED
> TCP    80.117.13.90:135       80.116.221.206:3486    ESTABLISHED
> TCP    80.117.13.90:135       80.116.223.175:4067    ESTABLISHED
> TCP    80.117.13.90:135       80.116.224.225:1729    ESTABLISHED
> TCP    80.117.13.90:135       80.116.225.142:4845    ESTABLISHED
> TCP    80.117.13.90:135       80.116.231.26:1446     ESTABLISHED
> TCP    80.117.13.90:135       80.116.232.199:4543    ESTABLISHED
> TCP    80.117.13.90:135       80.116.234.167:3613    ESTABLISHED
> TCP    80.117.13.90:135       80.116.247.234:1064    ESTABLISHED
> TCP    80.117.13.90:135       80.116.248.43:4140     ESTABLISHED
> TCP    80.117.13.90:135       80.116.249.73:4743     ESTABLISHED
> TCP    80.117.13.90:135       80.116.249.226:2449    ESTABLISHED
> TCP    80.117.13.90:135       80.116.249.232:3931    ESTABLISHED
> TCP    80.117.13.90:135       80.116.252.100:3893    ESTABLISHED
> TCP    80.117.13.90:135       80.116.253.15:4417     ESTABLISHED
> TCP    80.117.13.90:135       80.116.253.57:3588     ESTABLISHED
> TCP    80.117.13.90:135       80.116.255.84:4986     ESTABLISHED
> TCP    80.117.13.90:135       80.117.0.35:1347       ESTABLISHED
> TCP    80.117.13.90:135       80.117.2.51:3914       ESTABLISHED
> TCP    80.117.13.90:135       80.117.2.110:4252      ESTABLISHED
> TCP    80.117.13.90:135       80.117.3.40:2070       ESTABLISHED
> TCP    80.117.13.90:135       80.117.4.188:3816      ESTABLISHED
> TCP    80.117.13.90:135       80.117.4.219:3829      ESTABLISHED
> TCP    80.117.13.90:135       80.117.9.23:3782       ESTABLISHED
> TCP    80.117.13.90:135       80.117.9.23:3806       ESTABLISHED
> TCP    80.117.13.90:135       80.117.9.139:4823      ESTABLISHED
> TCP    80.117.13.90:135       80.117.13.21:4189      ESTABLISHED
> TCP    80.117.13.90:135       80.117.13.92:2433      ESTABLISHED
> TCP    80.117.13.90:135       80.117.13.127:4024     ESTABLISHED
> TCP    80.117.13.90:135       80.117.13.127:4044     ESTABLISHED
> TCP    80.117.13.90:135       80.117.13.162:2158     ESTABLISHED
> TCP    80.117.13.90:135       80.117.13.162:2178     ESTABLISHED
> TCP    80.117.13.90:135       80.117.13.228:4160     ESTABLISHED
> TCP    80.117.13.90:135       80.117.13.228:4181     ESTABLISHED
> TCP    80.117.13.90:135       80.117.21.36:1789      ESTABLISHED
> TCP    80.117.13.90:135       80.117.21.206:3256     ESTABLISHED
> TCP    80.117.13.90:135       80.117.22.59:4857      ESTABLISHED
> TCP    80.117.13.90:135       80.117.22.99:4276      ESTABLISHED
> TCP    80.117.13.90:135       80.117.22.103:4006     ESTABLISHED
> TCP    80.117.13.90:135       80.117.23.239:3667     ESTABLISHED
> TCP    80.117.13.90:135       80.117.23.248:3776     ESTABLISHED
> TCP    80.117.13.90:135       80.117.25.65:1965      ESTABLISHED
> TCP    80.117.13.90:135       80.117.27.170:3744     ESTABLISHED
> TCP    80.117.13.90:135       80.117.28.36:2029      ESTABLISHED
> TCP    80.117.13.90:135       80.117.28.69:1482      ESTABLISHED
> TCP    80.117.13.90:135       80.117.29.83:2062      ESTABLISHED
> TCP    80.117.13.90:135       80.117.29.211:1178     ESTABLISHED
> TCP    80.117.13.90:135       80.117.29.246:2033     ESTABLISHED
> TCP    80.117.13.90:135       80.138.33.94:1593      ESTABLISHED
> TCP    80.117.13.90:445       80.117.222.195:3776    ESTABLISHED
> TCP    80.117.13.90:3029      207.46.106.88:1863     ESTABLISHED
> TCP    80.117.13.90:4436      212.110.12.173:80      ESTABLISHED
> TCP    80.117.13.90:4437      212.110.13.98:80       ESTABLISHED
> TCP    80.117.13.90:4438      213.152.192.212:80     ESTABLISHED
> ---------------------------------------------------------------------------
>
> 135 is the epmap port... used also by blaster... but I'm not infected... are
> those others infected pc attacks?
> note that my Sygate Personal Firewall Pro blocks lots of attacks day by day
> (about 3000/day!!)
>
> Furthermore I've tried to make a security scan on the Sygate web site
> with my firewall turned off and I can see that I've the 8, 135, 139
> (netbios), 445, 5000 (UPnP) ports opened!
>
> So these are my questions:
> Turning down UPnP service, what happens to my system?
> Where can I disable Netbios?
> If I disable Netbios my little LAN (2 pc with a cross cable) could have some
> problem?
> What can I do for 8, 135 and 445?
>
> Thanks a lot, sorry for the long post (and sorry for posting in Italian
> :o))!
> Cya
> Fabrizio
>
>
>
>
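
A way to condense `netstat -n` output like the table quoted above into a per-port summary of inbound sessions, as an added example that is not part of the original thread. The function name `inbound_summary`, the /16 grouping and the sample rows (RFC 5737 documentation addresses) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Windows services the thread is concerned with (port 135 is the RPC endpoint mapper).
WATCHED_PORTS = {135: "epmap", 139: "netbios-ssn", 445: "microsoft-ds"}

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

# Constructed sample in `netstat -n` layout; not taken from the post.
SAMPLE = """\
Proto  Local address          Remote address         State
TCP    192.0.2.10:135         198.51.100.7:4597      ESTABLISHED
TCP    192.0.2.10:135         198.51.100.23:3469     ESTABLISHED
TCP    192.0.2.10:135         198.51.100.23:3470     ESTABLISHED
TCP    192.0.2.10:135         203.0.113.5:1623       ESTABLISHED
TCP    192.0.2.10:445         203.0.113.77:3776      ESTABLISHED
TCP    192.0.2.10:4436        203.0.113.80:80        ESTABLISHED
TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
"""

def inbound_summary(netstat_text, prefix_len=16):
    """Per watched local port: connection count, distinct peers, peers per network."""
    peers = defaultdict(Counter)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or non-TCP row
        _local, lport, remote, _rport, state = m.groups()
        # A watched port on the local side of an established session means
        # the remote host connected in to this machine.
        if state == "ESTABLISHED" and int(lport) in WATCHED_PORTS:
            peers[int(lport)][remote.strip("[]")] += 1
    report = {}
    for port, counter in peers.items():
        nets = Counter()
        for ip in counter:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            nets[str(net)] += 1
        report[port] = {
            "service": WATCHED_PORTS[port],
            "connections": sum(counter.values()),
            "distinct_peers": len(counter),
            "peers_by_network": dict(nets),
        }
    return report

if __name__ == "__main__":
    for port, info in sorted(inbound_summary(SAMPLE).items()):
        print(port, info)
```

Rows where the watched port is on the remote side, or where the state is not ESTABLISHED, are ignored, so outbound web or messenger sessions and idle listeners do not inflate the counts.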

