135,137,138,139 ports

Hi
Windows XP SP3
CIS_3.9.95478.509
My configurations: “Firewall Behavior Settings” - “Custom Policy Mode”,
“Stealth Ports Wizard” - “Block all incoming connections, stealth my ports to everyone”
I proceeded to test Advanced Port Scanner on pcflank.com and got the result:
135,137,138,139 ports are “closed”. Why not “stealthed” ?

First question, are you using a router?

There is no use. I am using a dial-up connection with a dynamic IP during the test.

What will be the second question?

Port closed means the system that got scanned responded with a TCP reset (RST) packet, therefore it’s not stealth, but if you’re running Windows and have a bad firewall config it’s very unlikely that those ports would respond with a TCP RST.

Can you try this, open a command-box (start,run,cmd) and type

netstat -an
see if there are listeners for those ports, it should look like this:

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING

Thanks. I did it and there is not one of these ports (135,137,138,139) in the list.
(I used “Windows Worms Doors Cleaner”)

Okay that could also mean you “killed” the firewall function of CIS :wink:
I would not recommend disabling TCP 135 with such tools, I would not use it at all.

You can get rid of the 137,138,139 by going to the Network Adapter properties and select TCP/IP, go to WINS and set “Netbios over TCP/IP” to disabled.

That will only leave 135 and 445 listening and those can be nicely firewalled by CIS, now you are almost certainly running a crippled version of Windows, that could result in all sorts of unexpected behavior.
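The `netstat -an` check suggested in this thread can be automated. The following is an added example, not code from any poster: it parses `netstat -an` text and reports which of the ports named above (135, 137, 138, 139, 445) still have a local listener. The sample output, addresses and function names are constructed for illustration.

```python
# Ports discussed in this thread, with the usual Windows service behind each.
WATCHED = {135: "RPC endpoint mapper", 137: "NetBIOS name service",
           138: "NetBIOS datagram", 139: "NetBIOS session", 445: "SMB"}

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1045       203.0.113.7:80         ESTABLISHED
  TCP    192.168.1.5:1050       203.0.113.9:445        TIME_WAIT
  UDP    192.168.1.5:137        *:*
  UDP    192.168.1.5:138        *:*
  UDP    127.0.0.1:1900         *:*
"""

def find_listeners(netstat_text, watched=WATCHED):
    """Return sorted (proto, address, port, service) for watched local ports:
    TCP sockets in LISTENING state, or any bound UDP socket."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""
        # UDP rows have no State column; TCP rows count only when LISTENING.
        if proto == "TCP" and state != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")  # also copes with [::]:135
        if port.isdigit() and int(port) in watched:
            found.add((proto, addr, int(port), watched[int(port)]))
    return sorted(found, key=lambda r: (r[2], r[0], r[1]))

def exposed_to_network(listeners):
    """Listeners not bound to loopback, i.e. the ones the firewall must cover."""
    return [l for l in listeners if l[1] not in ("127.0.0.1", "[::1]")]

if __name__ == "__main__":
    for proto, addr, port, service in find_listeners(SAMPLE):
        print(f"{proto} {addr}:{port} {service}")
```

Only the local address column is matched, so an outbound connection to a remote port 445 is not reported as a listener.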