What is port 137 used for
Added
Perhaps I should have mentioned: the operating system is Win2000AdServer SP4 with all patches installed, and NAV is running and updates its records every night. The machine works as a PDC.
Quote:
The firewall cannot tell which process is sending
Outpost does report that, but you are running a server, after all.
RFC1700 says:
netbios-ns 137/tcp NETBIOS Name Service
netbios-ns 137/udp NETBIOS Name Service
netbios-dgm 138/tcp NETBIOS Datagram Service
netbios-dgm 138/udp NETBIOS Datagram Service
netbios-ssn 139/tcp NETBIOS Session Service
netbios-ssn 139/udp NETBIOS Session Service
microsoft-ds 445/tcp Microsoft-DS
microsoft-ds 445/udp Microsoft-DS
to lek: The firewall sees packets from both interfaces because it sits on the same machine, that is, it sees them before NAT is performed.
to ooptimum: what you wrote about is disabled; any TCP or UDP packets to MyPort<1024 are blocked.
Port 137 Details
By default, when File and Print Sharing is enabled it binds to everything, including TCP/IP (The Internet Protocol), rather than just the local network, meaning your shared resources are available over the entire Internet for reading and deletion, unless configured properly. Any machine with NetBIOS enabled and not configured properly should be considered at risk. The best protection is to turn off File and Print Sharing, or block ports 135-139 completely. If you must enable it, use the following guidelines:
1. Use strong passwords, containing non-alphanumeric characters.
2. Attach "$" at the end of your share names (the casual snooper using net view might not see them).
3. Unbind File and Print Sharing from TCP/IP and use NetBEUI instead (it’s a non-routable protocol).
4. Block ports 135-139 in your router/firewall.
Keep in mind that you might still be leaking out information about your system that can be used against you (such as your computer and workgroup names) to the entire Internet, unless ports are filtered by a firewall.
There is also a Critical Windows RPC vulnerability affecting ports 135,139 and 445, as detailed here: MS Technet Security Bulletin [MS03-026]
The following trojans/backdoors also use these ports: Chode, God Message worm, Msinit, Netlog, Network, Qaz
W32.HLLW.Moega [Symantec-2003-080813-3234-99] (2003.08.08) — worm with backdoor capabilities, opens TCP ports 139 and 445.
W32.Crowt.A@mm [Symantec-2005-012310-2158-99] (2005.01.23) — mass mailing worm, opens a backdoor, logs keystrokes. Uses ports 80 and 137.
W32.Reidana.A [Symantec-2005-032515-4042-99] (2005.03.27) — worm that spreads using the MS DCOM RPC vulnerability (MS Security Bulletin [MS03-026]) on port 139. The worm attempts to download and execute a remote file via FTP. Opens TCP port 4444.
Windows Internet Naming Service (WINS) also uses this port (UDP).
Related ports: 135 138 139 445
Notes:
Port numbers in computer networking represent communication endpoints. Ports are unsigned 16-bit integers (0-65535) that identify a specific process, or network service. IANA is responsible for internet protocol resources, including the registration of commonly used port numbers for well-known internet services.
Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private : 49152 through 65535.
TCP ports use the Transmission Control Protocol, the most commonly used protocol on the Internet and any TCP/IP network. TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and that packets will be delivered in the same order in which they were sent. Guaranteed communication/delivery is the key difference between TCP and UDP.
UDP ports use the User Datagram Protocol. Like TCP, UDP is used in combination with IP (the Internet Protocol) and facilitates the transmission of datagrams from one computer to applications on another computer, but unlike TCP, UDP is connectionless and does not guarantee reliable communication; it's up to the application that received the message to process any errors and verify correct delivery. UDP is often used with time-sensitive applications, such as audio/video streaming and realtime gaming, where dropping some packets is preferable to waiting for delayed data.
When troubleshooting unknown open ports, it is useful to find exactly what services/processes are listening to them. This can be accomplished in both Windows command prompt and Linux variants using the "netstat -aon" command. We also recommend running multiple anti-virus/anti-malware scans to rule out the possibility of active malicious software.
SMB port number: Ports 445, 139, 138, and 137 explained
Admins need to know the SMB port number when it comes to setting up firewalls in Windows networks. The earlier version of SMB (SMB 1.0) was originally designed to operate on NetBIOS over TCP/IP (NBT), which uses port TCP 139 for session services, port TCP/UDP 137 for name services, and port UDP 138 for datagram services. (Read my previous comprehensive overview of the SMB protocol.)
By default, NBT is installed and enabled in Windows for backwards compatibility, but it is known for exposing file shares and other information to everyone on the network. While it is not a big problem in local networks, it could be a security risk if exposed to the Internet. Man-in-the-middle (MITM) and NetBIOS name service (NBNS) spoofing attacks are common with NBT-enabled networks, particularly if the related ports are not properly safeguarded.
How are SMB and NBT related?
NetBIOS over TCP/IP (NBT) is a completely independent service from SMB, and it doesn’t depend on SMB for anything. The SMB protocol, on the other hand, may rely on NetBIOS to communicate with old devices that do not support the direct hosting of SMB over TCP/IP.
Therefore, the SMB protocol relies on port 139 while operating over NBT. However, normally, for direct SMB over TCP/IP, the SMB port number is TCP 445. By the way, if both NetBIOS over TCP/IP and directly hosted SMB over TCP/IP are available (that is, if ports 445 and 139 are both listening), Windows tries both options at the same time. Whichever responds first is used for communication.
The SMB 2.0 that was introduced with Windows Vista and Windows Server 2008 can operate solely on TCP port 445, and you can safely disable NBT for improved security and reduced network overhead caused by NetBIOS broadcasts.
To see the status of ports 139 and 445 in your system, use the following PowerShell command:
Viewing the status of ports TCP 139 and 445 using PowerShell
The above screenshot shows that both ports TCP 139 and 445 are in the listening state by default.
If you’re interested in disabling the NBT, it needs to be done on each network interface individually. See the following screenshot for disabling it using the GUI on each network adapter:
Disabling NBT on a network interface using GUI
Disabling NBT using the GUI becomes tedious if you’ve got more than one network adapter. The following PowerShell command can help you disable it on all network interfaces at once:
where the value "2" with the SetTcpipNetbios method is used to disable NBT. By the way, the value "1" means enable NBT, and "0" means configure NBT by DHCP.
Disabling NetBios on all network interfaces at once using PowerShell
After disabling it, if you view the status of TCP ports, you will notice that port 139 is no longer listening on your system.
Confirming that TCP port 139 is no longer listening
If you do not have any old clients in your network, it is a good idea to block other ports, except for TCP 445 in the Windows Defender firewall.
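The steps described above (checking the listening state, calling SetTcpipNetbios with the value 2 on every adapter, then blocking the NBT ports while leaving TCP 445 open), collected into one PowerShell script. This is an added example, not the article's own commands; the function names and firewall rule display names are made up for illustration.

```powershell
# Added example, not the original article's commands. Run from an elevated session.
# Function names and firewall rule names below are illustrative.

function Get-NbtPortState {
    # Listeners on TCP 139/445 and bound UDP 137/138, with the owning PID.
    Get-NetTCPConnection -LocalPort 139,445 -State Listen -ErrorAction SilentlyContinue |
        Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort, OwningProcess
    Get-NetUDPEndpoint -LocalPort 137,138 -ErrorAction SilentlyContinue |
        Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort, OwningProcess
}

function Disable-NbtOnAllAdapters {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # TcpipNetbiosOptions: 0 = take the setting from DHCP, 1 = enabled, 2 = disabled.
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $_.TcpipNetbiosOptions -ne 2 } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.Description, 'SetTcpipNetbios(2)')) {
                $result = $_ | Invoke-CimMethod -MethodName SetTcpipNetbios `
                    -Arguments @{ TcpipNetbiosOptions = [uint32]2 }
                # ReturnValue 0 = success, 1 = success but a reboot is required.
                [pscustomobject]@{ Adapter = $_.Description; ReturnValue = $result.ReturnValue }
            }
        }
}

function Block-NbtInbound {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Leaves TCP 445 (directly hosted SMB) alone; only the NBT ports are blocked.
    New-NetFirewallRule -DisplayName 'Example: block NBT session (TCP 139)' `
        -Direction Inbound -Protocol TCP -LocalPort 139 -Action Block `
        -WhatIf:$WhatIfPreference
    New-NetFirewallRule -DisplayName 'Example: block NBT name/datagram (UDP 137-138)' `
        -Direction Inbound -Protocol UDP -LocalPort 137,138 -Action Block `
        -WhatIf:$WhatIfPreference
}

Get-NbtPortState | Format-Table -AutoSize    # baseline before any change
Disable-NbtOnAllAdapters -WhatIf             # preview; remove -WhatIf to apply
Block-NbtInbound -WhatIf                     # preview; remove -WhatIf to apply
```

After applying the changes, run Get-NbtPortState again: TCP 139 should no longer appear, while TCP 445 remains listening.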
What is NetBIOS? Does Windows need ports 137 and 138 open?
I have never understood NetBIOS. I did not understand the Wikipedia article about it. I searched YouTube but could not find a video explaining what NetBIOS is.
What does NetBIOS do? I am using a Windows XP machine, and ports 137 and 138 appear to be open on my machine. Should I close them? Or does my Windows need them open for some purpose? If not, why do I need NetBIOS?
2 answers
NetBIOS stands for Network Basic Input Output System and is used in Windows for file and printer sharing.
It provides services related to the session layer of the OSI model, allowing applications on separate computers to communicate over a local area network.