Port 139 is "NetBIOS Session". Here's
BlackICE's discussion of it. It can be disabled by unbinding "Client for Microsoft Networks" and "File and Printer Sharing for Microsoft Networks" from your network adapter.
Note that you will lose all LAN access to and from other Windows machines if you do that.
Port 5000 is used by the "Universal Plug and Play" service. It can be disabled with
a utility provided by Steve Gibson. Very few sites need "UPnP" enabled.
jwatt
4.4K Posts
0
May 14th, 2004 16:00
Note that you will lose all LAN access to and from other Windows machines if you do that.
Port 5000 is used by the "Universal Plug and Play" service. It can be disabled with a utility provided by Steve Gibson. Very few sites need "UPnP" enabled.
Jim
Navin kurian
526 Posts
0
May 14th, 2004 17:00
About port 139
NetBIOS Session (TCP), Windows File and Printer Sharin
This is the single most dangerous port on the Internet. All "File and Printer Sharing" on a
Windows machine runs over this port. About 10% of all users on the Internet leave their hard
disks exposed on this port. This is the first port hackers want to connect to, and the port that
firewalls block.
Windows operating systems (win95, win98 and NT) implement a network protocol called NETBIOS. A
machine with Netbios running over TCP/IP usually listens on several ports for SMB packets
(regular IP packets with microsoft formats inside them).
By default, Windows machines advertise their existence and their name, domain and usernames, to
anything that asks, without requiring a password for this information. Your desktop configuration
may not have any public shares, or all shares may be password protected, but your machine will
still advertise its login name and workgroup name to anything that asks it. It may also crash if
sent a netbios packet designed to exploit a bug.
nbtstat is the name of a windows command prompt program that can be used to query any machine for
this information.
http://grc.com/port_139.htm
http://www.iss.net/security_center/advice/Exploits/Ports/groups/Microsoft/default.htm
http://www.techtv.com/screensavers/answerstips/story/0,24330,3374542,00.htm
example of a virus which exploits port 139
http://securityresponse.symantec.com/avcenter/venc/data/w32.mumu.b.worm.html
but you need to looks out for port 445 "if" you have windows xp
http://grc.com/port_445.htm
http://www.uksecurityonline.com/husdg/windows2000/close445.htm
http://www.petri.co.il/disable_netbios_in_w2k_xp_2003.htm
About port 5000
SSDP Discovery Service - which enables discovery of UPnP devices. Unless your Toaster is hooked
up to your PC, this service is really not needed by the average user.
get unplug and pray to disable that service
http://grc.com/UnPnP/UnPnP.htm
http://www.mvps.org/winhelp2002/services.htm
with the blaster and sasser worm on the loose you need to take a look at dcom also
http://grc.com/dcom/