svchost.exe ms-rpc port 135 - lsass.exe port 500 UDP - System port nbname(137)

Comodo Firewall used : CFP_Setup_3.0.15.277_XP_Vista_x32
Windows XP SP2 Fully Updated.

A few minutes after going online after a reinstall (I removed the old one first), the firewall asked me to accept or deny these connections:

svchost.exe - 124.207.131.91 - ms-rpc - port 135

svchost.exe - 61.151.254.31 - ms-rpc - port 135

svchost.exe - 118.0.40.26 - ms-rpc - port 135 (Japan)

svchost.exe - 83.132.170.196 - ms-rpc - port 135 (Portugal)

svchost.exe - 212.199.8.65 - ms-rpc - port 135 (Israel, Tel Aviv)

lsass.exe - 193.190.208.38 - UDP - port 500

Application: System - Remote: 71.243.237.212 - UDP - port nbname (137) (Verizon Internet Services Inc.)

64.15.206.217 - MS-ds - port 3478

83.97.212.427 - MS-ds - port 445

How come this is not blocked by default?

I did a whois and it seems those IPs are from China, Japan, … Could it be a hacker scan?

I should add that NetBIOS is already deactivated in my operating system…

P2P friendly mode means you will be asked about incoming connections, rather than blocking them without prompt.

I confirm that I’m in P2P mode, but since that kind of port request (NetBIOS related) is not required for P2P sharing, I don’t understand the need to ask the user… NetBIOS is mostly for network print sharing, … ???

It is also scary that, since svchost.exe and lsass.exe are “safe” tasks for Comodo’s Firewall, it will auto-accept the request after a while if the user is away from the computer and so hasn’t been able to decide for himself what to do…

Gee, this is an old post, but I came across it after I noticed my firewall logging events on port 137, did a Vivisimo search and found this post. The search also gave me hundreds of hits concerning SEVERE security risks associated with these ports: 135, 137 and 445. None offered a solution. My computer (System) is set up allowing me to try whatever I want with impunity, and I can ax whatever I feel like from the registry. If my system crashes I simply reclone from my backup drive and in a few minutes all is well. The following works with Windows XP:

To get rid of these pesky nbname attempts to make port 137 UDP transmissions I simply axed the key “NameServerPort” (which defines what port nbname wants to use… BEHIND YOUR BACK!). Click on [Run], type regedit, click [OK]. In the left pane navigate to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]. While you are there you might as well fix the port 135 problem along with 137: locate the key TransportBindName in the right pane, double click it and then erase whatever is in the popup, making it blank. Then locate the key NameServerPort in the same pane. I deleted this key and never had another firewall alert again concerning these ports.

To close port 445 navigate in the left pane to the key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]. Then in the right pane locate “EnableDCOM”=“Y”, double click this key and change the Y to an N. After that close regedit and reboot. You will never have another svchost or nbname problem again.

Thanks this helped but how did you know how to do this?

Hi freshhh, I’d say it depends on the way the traffic is flowing…

If it is incoming then they are “attacks” from possibly virus-infected systems, and you can set up a global block rule.
But if it’s outgoing then you are probably infected and trying to “infect” others.

It’s not blocked by default because the stealth wizard by default is set to:
Ask me for incoming connections, stealth on a per-port basis. If you don’t host a web server or need other incoming traffic I suggest you set the stealth port wizard to “Block all incoming connections”.
This will create a few extra rules in your global firewall policy.
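The incoming-versus-outgoing distinction above, as an added example that is not part of the thread: a small triage routine over constructed firewall prompts (the Internet addresses are taken from the opening post, the LAN peer is made up), classifying inbound hits on the NetBIOS/RPC/SMB ports as scan noise to block and outbound ones to Internet hosts as a sign the machine itself needs checking. The event dicts are an assumed normalised shape; Comodo’s own log format is not parsed here.

```python
"""Triage Comodo-style firewall prompts for the ports discussed in this thread.
Assumption (not part of the thread): prompts are already normalised into dicts;
Comodo's own log format is not parsed here."""
import ipaddress

# Windows infrastructure ports that draw constant Internet scanning.
NOISY_PORTS = {
    135: "ms-rpc (DCOM endpoint mapper)",
    137: "nbname (NetBIOS name service)",
    138: "nbdatagram (NetBIOS datagram service)",
    139: "netbios-ssn (SMB over NetBIOS)",
    445: "microsoft-ds (SMB direct)",
    500: "isakmp (IPsec IKE, owned by lsass.exe)",
}

# RFC 1918 plus loopback and link-local: anything here is "your own LAN".
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "169.254.0.0/16", "127.0.0.0/8")]

def is_lan(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)

def triage(event):
    """Return (verdict, reason) for one prompt: block / investigate / allow-lan / ignore."""
    port = event["port"]
    if port not in NOISY_PORTS:
        return "ignore", "not one of the NetBIOS/RPC/SMB ports"
    svc, lan = NOISY_PORTS[port], is_lan(event["remote"])
    if lan:
        return "allow-lan", f"{svc}: {event['direction']}bound within own LAN, normal sharing"
    if event["direction"] == "in":
        return "block", f"{svc}: unsolicited Internet probe, block it without prompting"
    return "investigate", f"{svc}: {event['app']} reaching an Internet host on {port}, check this machine for malware"

def triage_all(events):
    return [triage(e)[0] for e in events]

# Constructed sample prompts; the Internet addresses are the ones in the opening post.
SAMPLE_EVENTS = [
    {"app": "svchost.exe", "direction": "in", "port": 135, "remote": "124.207.131.91"},
    {"app": "System", "direction": "in", "port": 137, "remote": "71.243.237.212"},
    {"app": "System", "direction": "out", "port": 445, "remote": "192.168.1.20"},   # constructed LAN peer
    {"app": "System", "direction": "out", "port": 445, "remote": "61.151.254.31"},
    {"app": "firefox.exe", "direction": "out", "port": 80, "remote": "61.151.254.31"},
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(f"{e['app']:12} {e['direction']:3} {e['remote']:16} {e['port']:<4} -> {triage(e)}")
```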

Hi Bernhard,
Thank you for your post, it helped a lot … :-TU

Hi

I know that this is a very old topic but I came across it when I searched for a solution to the exact problem that I have.
Since Bernhard answered very well, I have just a quick question. If and when we disable those ports or related services, aren’t we going to be unable to connect to other LAN resources? Like connecting to shared folders and accessing various other services on other LAN computers.

Thanks and regards.

Off the top of my head, if you set this on a client it should still work.
If you configure this on the “server” it will fail.

If you only wish to disable the “old” NetBIOS over TCP ports 137/138/139, thus leaving 445 listening, you can simply set it to disabled on the TCP/IP Properties tab: WINS, select Disable NetBIOS over TCP/IP.

Thanks Ronny,

I have 1 XP box, 2 Win7 boxes and 1 Linux.
Therefore I can safely disable NetBIOS over TCP/IP on all my machines and I am still going to be able to connect to all my boxes at home and use features like shared folders and media streaming in the new Win7 as long as I have 445 open?
Sorry for my ignorance but I was never so much into Windows LAN networking :slight_smile:

Well you can try my suggestion and if it doesn’t work you can easily switch it back on.

Are you running a Samba server on the Linux host?
I’m not sure if it’s capable of communicating over TCP 445; it could be needing TCP 139 traffic.

Yes I do.

Good point though :wink:

I checked under /etc/services and I found this entry: microsoft-ds 445/tcp #Microsoft Naked CIFS
Therefore I think it should work, right?

Just one last quick question. What did you mean by “If you configure this on the “server” it will fail.”?
As far as I understand every client is potentially a server too, right? Because at one point some PC could be a server to the others when they want to connect to it, and at another time it can be a client because it wants to connect to others.

Anyway I think I should play around a bit to see the effects, right :slight_smile: maybe this weekend

Thanks a lot again

Well, to connect to another host’s “service” the “client” needs to know what port to ask the “server” for this service; for instance if you use your browser it will by default ask the “server” on TCP port 80, which is the agreed port for HTTP traffic. If your “client” connects to a shared folder on a “server”, depending on its Windows version it will start by connecting on TCP 445 and if that fails it will fall back to TCP 139.

Now if you disable these ports on a “server” it won’t be able to share its files anymore 88)

And yes, “client” and “server” can both be on one system depending on who shares what…

For the Samba server you can try the following on the Linux host; from a shell type:

netstat -an|grep 445

and see if port TCP 445 is in state LISTENING.

Repeat this for port 139.

Read here for more about SMB/CIFS
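The netstat check above, as an added example that is not part of the thread: instead of reading the grep output by eye, parse `netstat -an` and decide whether SMB direct (TCP 445) is listening, which is the condition under which the NetBIOS-over-TCP/IP ports 137/138/139 can be switched off on the clients. The sample output is constructed to resemble a Linux Samba host; `live_check()` runs the real command.

```python
"""Decide from `netstat -an` output whether a Samba host serves SMB on TCP 445,
so that NetBIOS over TCP/IP (UDP 137/138, TCP 139) can be disabled on clients.
SAMPLE_NETSTAT is constructed for this example; live_check() uses real data."""
import subprocess

SMB_DIRECT = ("tcp", 445)
NETBIOS = {("udp", 137), ("udp", 138), ("tcp", 139)}

SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.5:445         192.168.1.20:49321      ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:137             0.0.0.0:*
udp        0      0 0.0.0.0:138             0.0.0.0:*
"""

def listening_sockets(netstat_output):
    """Return {(proto, port)} for sockets that accept traffic.
    TCP needs state LISTEN; a bound UDP socket has no state column at all."""
    found = set()
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) < 4 or not f[0].startswith(("tcp", "udp")):
            continue                       # headers, unix sockets, blank lines
        proto = f[0].rstrip("6")           # tcp6/udp6 -> tcp/udp
        port = int(f[3].rsplit(":", 1)[1]) # works for 0.0.0.0:445 and :::22
        if proto == "tcp" and (len(f) < 6 or f[5] != "LISTEN"):
            continue                       # ESTABLISHED etc. are not listeners
        found.add((proto, port))
    return found

def netbios_can_be_disabled(sockets):
    """Clients fall back from 445 to 139 only when 445 fails, so 445 must listen."""
    return SMB_DIRECT in sockets

def live_check():
    out = subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout
    return listening_sockets(out)

if __name__ == "__main__":
    s = listening_sockets(SAMPLE_NETSTAT)
    print("SMB direct (TCP 445) listening:", SMB_DIRECT in s)
    print("NetBIOS ports still open:", sorted(NETBIOS & s))
    print("safe to disable NetBIOS over TCP/IP on clients:", netbios_can_be_disabled(s))
```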

Aha, I see now. Big thanks mate. Didn’t know that NetBIOS over TCP/IP is a fall-back for the newer direct TCP/IP.

I did as you suggested on the Linux box and I got the following:
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:137 0.0.0.0:*
udp 0 0 0.0.0.0:138 0.0.0.0:*
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN

Therefore I think it’s safe now to disable NetBIOS on all my machines since I don’t run any Win2000 or Win98 ;D

In addition to the previous link that Ronny posted, I will give another one here that I found and I think it can be of use to somebody else too. Here it is: http://www.petri.co.il/whats_port_445_in_w2k_xp_2003.htm

Thanks again for all the explanations

:-TU Nice article, thanks, and I’m sure it will help others also ;D