 | View Full Version : What is NetBios matt2kjones 09-15-2002, 07:48 AM Ok i keep seeing this in my firewall hit list it runs on port 137 if i remember correctly is it a service that should be getting through to my server, or not?? matt2kjones 09-15-2002, 08:14 AM ok sorry, there is actually two different ports used, with slightly different names. They are : 137 - netbios-ns and 139 - netbios-ssn could they be comming from my isp, or is that something that doesn't come from your isp??? also, if it helps, my isp is assigned through dhcp sitekeeper 09-15-2002, 08:19 AM Port 137, 138, and 139 are used by Windows for NetBIOS network communication. Netbios is a somewhat strange protocol, in that it is not a true protocol in and of itself, and it isn't part of the TCP/IP family of protocols, though NetBIOS _does_ work closely with TCP/IP in enabling applications to communicate over a network. It is a common port scanned by script kiddies. As long as you have all of the current updates you should be fine. NETBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. matt2kjones 09-15-2002, 08:26 AM ok i didn't know whether to block it or not so it is a bad thing to have going to your server? because it is blocked at the moment also, this is a linux server not a windows one and also, it isn't comming from my isp?? so i can just leave it blocked then because im worried that its something that needs to be open not for my connection to go down or something. Thanx XTStrike 09-15-2002, 08:39 AM netbios is something that should never be open to anyone external to your network, it allows people to enumerate shares and user names on your system and also brute force attack your system. it is only an issue to windows systems, linux systems do not use this for communication. you should have netbios open on your internal network if you have a windows network to allow users to connect to network shares. hope this helps -XT matt2kjones 09-15-2002, 08:50 AM ok thanx so much for all your information i already have it blocked externally but just wondered if it was need open by my isp or something this is a linux system like i said, but i would rather have it blocked even if linux isn't affected, best to be on the safe side thanx allot Matt |