Port 139

I did a test with hackerwatch.org and the report states that Port 139 was closed but not secured, described below.

Closed but Unsecure
139 (Net BIOS)
This port is not being blocked, but there is no program currently accepting connections on this.

Should I block this port separately, or should I leave it as it is?

Thanks.

Hi zitsu,

If your machine is not on a network, you can disable NetBIOS completely as described in this link: http://www.petri.co.il/disable_netbios_in_w2k_xp_2003.htm Also, if you were running Comodo, I believe it should have stealthed port 139 anyways.

stealthed = filtered = opened but closely guarding?

No, stealthed means blocked. In other words, invisible to the outside world.

Greetings,

Depends…
Let’s use myself as an example.

-I’m a 15-year-old thug lady and I’m a threat to the society and I was reported to the police.
Now, the police are in front of my house (door) knocking and saying:

Police: “Hello” is ‘rki(port)’ home?
A Filtered Port: No, ‘rki(port)’ isn’t home (a voice, there’s a rejected response)

Police: “Hello” is ‘rki(port)’ home?
Closed Port: No one is answering (silence, no response at all).

With a ‘Filtered Port’ - you know you heard a voice but, you can’t open the door
With a ‘Closed Port’ - there’s no one answering, no voice, so basically there’s no one at home.

Another way to look at it is this;
Open Port:

  • when you send a SYN to an open port, you should receive a SYN/ACK.

Filtered Port:

  • when you send a SYN to a filtered port, the packet is simply dropped along the way and you receive no response.

Closed Port:

  • when you send a SYN to a closed port, it will respond back with a RST.

ACK: a packet message used in the Transmission Control Protocol to acknowledge receipt of a packet.
SYN: synchronise packet in transmission control protocol.

Thanks,
rki.
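The SYN-response rules listed in the post above, as an added example that is not part of the original thread: it reads the flag bits of a reply's TCP header and reports the port state using the labels seen in this thread. The function names, the label mapping, the client port 40000 and the sample replies are assumptions constructed for illustration.

```python
import struct
from typing import Dict, Optional

# TCP flag bits as laid out in the TCP header.
SYN, RST, ACK = 0x02, 0x04, 0x10

# Labels used in this thread for each state (mapping assumed from the posts).
THREAD_LABEL = {
    "open": "open",
    "closed": "closed but unsecure",
    "filtered": "stealthed",
}

def build_tcp_header(src_port: int, dst_port: int, flags: int) -> bytes:
    """Build a constructed 20-byte TCP header (seq/ack/checksum zeroed)."""
    offset_and_flags = (5 << 12) | flags  # data offset = 5 words, no options
    return struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                       offset_and_flags, 65535, 0, 0)

def classify_syn_reply(reply: Optional[bytes]) -> str:
    """Map the reply to a SYN onto open / closed / filtered."""
    if reply is None:          # nothing came back before the timeout
        return "filtered"
    if len(reply) < 20:
        raise ValueError("truncated TCP header")
    (offset_and_flags,) = struct.unpack("!H", reply[12:14])
    flags = offset_and_flags & 0x01FF
    if flags & RST:            # RST or RST/ACK: host reachable, no listener
        return "closed"
    if flags & SYN and flags & ACK:
        return "open"
    raise ValueError(f"unexpected flags 0x{flags:03x} in reply to SYN")

def report(replies: Dict[int, Optional[bytes]]) -> Dict[int, str]:
    """Return {port: thread label} for replies captured per probed port."""
    return {port: THREAD_LABEL[classify_syn_reply(r)]
            for port, r in sorted(replies.items())}

# Constructed sample: replies a self-test might capture from one's own host.
SAMPLE_REPLIES = {
    80: build_tcp_header(80, 40000, SYN | ACK),
    139: build_tcp_header(139, 40000, RST | ACK),
    445: None,
}

if __name__ == "__main__":
    for port, label in report(SAMPLE_REPLIES).items():
        print(f"{port}/tcp: {label}")
```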

Hey rki! The example is cool! Although I think that you must swap the explanation of closed <-> filtering.
With filter we get no response at all, no one is answering, while with closed port an RST (Reject) packet, voice sends back to the police.

You got it correct with the technical explanation but that contradicts with the example of the thug lady above.

…or I misunderstood :wink:

Greetings,

I’m glad we could help.

The phrase I used of me being a thug lady was just an example to why the Police was after me! and nothing more.

Thanks,
rki.

Maybe I didn't make myself clear.
What I was trying to say is that in case of a closed port we have a voice saying "nobody is here" (rejection), while in filtered port we get no answer at all.

You said it correct in tech explanation with syn/acks but in the lady example you must swap the explanations. No?!

PS. One other thing is in case of filtered ports how our SYN packets get lost?!
I mean in closed port we get a rejection packet back but with filtered, the remote host just gets the package but never returns it back?!

This GRC | Port Status Info could seem to be a simplistic explanation on port status, but it is pretty straightforward.

Greetings,

Nikos, ‘No’

  • I quote: "If it were to be an ACK Scan, when you send ACK packets with random acknowledgment and sequence numbers to a specified range of ports. A RST or ICMP Port Unreachable response indicates a filtered port. Usually no responses in log indicates that your packets got through. Can be used to work out if a Firewall is simply blocking SYN packets or is more sophisticated.

  • If it were to be a TCP/UDP/SYN Stealth scans, then ‘Yes’.

  • An example is using a port scanner like Nmap - Nmap on (TCP/UDP scans) interprets RST ACK responses as meaning the particular port is closed. If no response is received, then nmap interprets this as “filtered” i.e. a firewall is covering that port. Ports that respond with a SYN ACK are obviously interpreted as open."

Thanks,
rki.

OK, I am talking about this:

Filtered: You don't hear a voice at all.
Closed: There is a voice saying that nobody is home, aka RST (rejection package)

I think you meant it the other way around because the above quoting contradicts with the later tech explanation.

One other thing is that now I realize that if a host we scan has stealthed ports we will get no responses back with an RST, but that means it's a good indicator that this port is covered by the firewall…

And not only that, but if we scan any host and we don't get a message back then this is an accurate indicator that this host is alive, up and running, otherwise we would get an RST packet back on our SYN attempt. Correct?