Netbios, safe or not?

Hello there,

When my system is idle and I open the view active connections window, it only shows a connection through port 137, and it accumulates some bytes out. I know this port is associated with NetBIOS. If I disable it I lose my LAN network with my other computer. So my question is, is this connection dangerous? Should I do something or is it normal? Why does it accumulate bytes out even though I’m not using the internet or any other program?
Comodo stealths ports 137-139 related to NetBIOS, so there shouldn’t be any problem, right?

Just another question: I just read in the forum that BITS can be a vulnerability. Is there any way to disable it?

Hi Jillefsky

NetBIOS is safe over a LAN. NetBIOS is generally not safe over the Internet. So, local (LAN) NetBIOS connections are not dangerous & are to be expected. It accumulates bytes when you’re not connected to the Internet because it isn’t really anything to do with the Internet (directly) & often interacts with other LAN members. Most often NetBIOS is not even usually installed on Internet-facing adapters (modems, LAN cards, etc…).

BITS can be a vulnerability and, as a normal Windows service, you can disable it. BUT… without BITS you will not be able to run Windows Update. However, CFP does watch BITS & will alert you to anything unusual trying to gain access to it. BITS can be limited to only using Microsoft update servers using CFP, but you’d need to remember that you’d done this if Windows Update suddenly failed at a future date (possible if MS changed the update servers).

Thanks for the answer kail,

So since I run a LAN network between this and another computer, disabling NetBIOS is not the answer. My question would be, does Comodo protect me from this NetBIOS vulnerability? Do I have to change any rules, or will the default ones work just fine?

Thanks in advance

By default, yes. CFP would have detected your LAN (Network) and assuming you told CFP that you did want to share the LAN, it would have created the appropriate rules to allow full LAN access. By default, CFP does not allow NetBIOS type access on an Internet connection without some sort of user intervention first… by either instructing CFP to share the Internet connection (not to be confused with ICS) or by manually creating rules to allow it.

Greetings!

I just want to add that BITS will use svchost.exe (which, by default, is set to trusted or something) when downloading.
As for NetBIOS, the danger of it is overhyped. If the ports are stealth, it’s no big deal, though it might be wise to restrict access on the NetBIOS ports to your router’s range only.

Cheers,
Ragwing
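
An added example, not part of any post in this thread: one way to check that traffic on the NetBIOS ports (137-139) stays inside the LAN range, as suggested above. The connection rows and the 192.168.1.0/24 range are constructed sample values, and the function names are hypothetical; IPv4 `ip:port` endpoints are assumed.

```python
import ipaddress

NETBIOS_PORTS = {137: "name service", 138: "datagram service", 139: "session service"}

# Constructed sample rows: (protocol, local "ip:port", remote "ip:port")
SAMPLE_CONNECTIONS = [
    ("UDP", "192.168.1.10:137", "192.168.1.255:137"),    # name broadcast on the LAN
    ("UDP", "192.168.1.10:138", "192.168.1.255:138"),    # datagram broadcast on the LAN
    ("TCP", "192.168.1.10:139", "192.168.1.20:49712"),   # session from the other LAN PC
    ("TCP", "192.168.1.10:139", "203.0.113.45:51544"),   # session from outside the LAN
    ("TCP", "192.168.1.10:50322", "198.51.100.7:443"),   # unrelated HTTPS traffic
]

def split_endpoint(endpoint):
    """Split an IPv4 'ip:port' string into (IPv4Address, int)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def classify(conn, lan_cidr):
    """Label one connection row relative to the LAN range."""
    lan = ipaddress.ip_network(lan_cidr)
    _proto, local, remote = conn
    _laddr, lport = split_endpoint(local)
    raddr, rport = split_endpoint(remote)
    # NetBIOS is involved if either end uses port 137, 138 or 139.
    if lport not in NETBIOS_PORTS and rport not in NETBIOS_PORTS:
        return "not-netbios"
    if raddr not in lan:
        return "outside-lan"      # should be blocked by the firewall rules
    if raddr == lan.broadcast_address:
        # NetBIOS name and datagram services broadcast to the subnet,
        # which produces outbound bytes even on an idle machine.
        return "lan-broadcast"
    return "lan-peer"

def outside_lan(connections, lan_cidr):
    """Return only the NetBIOS rows whose remote end is outside the LAN."""
    return [c for c in connections if classify(c, lan_cidr) == "outside-lan"]

if __name__ == "__main__":
    for row in SAMPLE_CONNECTIONS:
        print(classify(row, "192.168.1.0/24"), row)
```

Any row reported as `outside-lan` is NetBIOS traffic that the firewall rules should not be allowing.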

As someone who does security for a Fortune 500 (:NRD) I assure you that NetBIOS is secure on a LAN, however one misconfig and you should consider yourself compromised.

I think Rag takes the idea too far to the extreme. Yes, the ports are stealthed, but that is no big deal for a hacker.

That being said, if you know enough to know what I mean, then you will agree. If you don’t, I may be considered coming off a bit strongly, but I only do so because I don’t want to have to argue about the finer points.