Open ports

Netstat shows ports 135, 139 and 445 listening for inbound TCP traffic on my system. CPF identified these as “Safe” when the alert first appeared, so I have allowed the traffic. I’m not overly concerned because I’m behind a router, otherwise what are the risks of having these ports listening and what would break if I disallowed the traffic?

Hi Code 2, welcome to the forums.

These ports are all open because of Windows Services/setup…

Port 135 is Microsoft Remote Procedure Call (RPC) Service
Port 139 is Netbios Session Service
Port 445 is Microsoft (Directory Service) DS Service

Depending on your set-up you might need RPC (some applications use it) & the last 2 are both associated with a LAN (file-sharing, etc…). Do you have a LAN? Also please confirm which OS your running.

With a firewall/router combo I don’t believe you are specifically at risk because of these open ports (your router should block all unsolicited connection attempts), although depending on your requirements you may not need some of them.

Isn’t RPC a vital service that can’t be disabled? Also, port 445 is for RPC Locator service. I found the info here.

Thanks for the speedy reply. No, I don’t have a LAN, although other computers use the router for shared Internet access. I use WinXP SP2.

Is it safe, then, to disallow TCP and UDP traffic on ports 139 and 445? Can some Windows services be safely disabled to close those listening ports?

Hi Code 2

Sorry for the delay… dragged shopping (kicking & screaming of course). ;D

I think soyabeaner is correct, you need RPC (both ports 135 & 445). My fault, I wasn’t thinking.

The only one that you can do something about is the Netbios Session Service… Control Panel - Network Connections - right click whatever your connection is - Properties → un-check “File and Printer Sharing for Microsoft Networks” and, if you have it selected, “Client for Microsoft Networks”.

However, just to re-state something… given your set-up I still think you’re completely safe anyway, as the router will probably not (by default) pass on your open ports to the out-side world.

I think you have those port opened within your trusted zone only. Comodo by default doesn’t allow any inbound traffic coming from outside your network. In my opinion, you are safe.