Security Basics mailing list archives
Re: Listener on ports 137, 138, 139
From: Scott Fendley <scottf () uark edu>
Date: Wed, 16 Oct 2002 18:04:58 -0500
I will take a crack at this one. These port numbers are used by Microsoft's net-bios protocol. This is the protocol that you are using to map drives between workstations among other uses.
The address in question is in a reserved address space that the MS TCP/IP stack uses until a DHCP/bootp response has been received.
So all of this is normal operating environment on your windows PC. Personally, if you do not find the need to map drives or browse the Microsoft Network, I would drop the Client for Microsoft Networks and the Netbeui/netbios capabilities on your computer. If you must map drives, then I would set your firewall software to reject netbios traffic except from a particular IP or IP block. This will minimize your exposure to the outside world.
Hopefully, I haven't lost you in my response too much. If you have more questions about this above, I will try to assist you as much as I can.
Scott At 07:27 PM 10/15/2002 +0200, Rune Berntzen wrote:
Hi all, When checking port activity using TCPView I notice that I have a = listener on ports 137,138 and 139. The Local Address seems to be from a Class B network, 169.254.0.0, = which I trace to something called=20 BLACKHOLE-1.IANA.ORG using SmartWhois. The funny thing is that the LISTENING entries are visible in TCPView = even before I connect to my ADSL provider. Anybody has an idea about what this can be. BTW, I am running Norton Internet Security 2001 with updatet virus = definitions. Thanks in advance, Rune
--- Scott Fendley scottf () uark edu Systems/Security Analyst (479) 575-2022 University of Arkansas (479) 575-4753 fax
Current thread:
- Listener on ports 137, 138, 139 Rune Berntzen (Oct 16)
- RE: Listener on ports 137, 138, 139 David (Oct 17)
- RE: Listener on ports 137, 138, 139 Gary Axten (Oct 17)
- Re: Listener on ports 137, 138, 139 Matt (Oct 17)
- Re: Listener on ports 137, 138, 139 Not something to worry about ?? Marc R. Braun (Oct 21)
- Re: Listener on ports 137, 138, 139 Scott Fendley (Oct 17)
- Re: Listener on ports 137, 138, 139 Rune Berntzen (Oct 17)
- Re: Listener on ports 137, 138, 139 David Corking (Oct 17)
- Re: Listener on ports 137, 138, 139 Devdas Bhagat (Oct 17)
- <Possible follow-ups>
- RE: Listener on ports 137, 138, 139 Matt Schaelling (Oct 17)
- RE: Listener on ports 137, 138, 139 Bruyere, Michel (Oct 17)