TCP port 137
Hi guys,
I am trying to test if clients listen on port 137 or not and of course started with the standard telnet ip port method. With or without Windows Firewall I cannot connect to a client using this port, suggesting to me it is not listening. Now, I am trying to apply a rule to the Windows Firewall GPO port exception list like this:
137:TCP:"*":disabled:Netbios Nameservice
Port 137 TCP is indeed the NetBIOS name service, and by blocking this port I shouldn't be able to browse this machine on my connected Windows network, right? Well, I can still browse the clients these Windows Firewall rules apply to.
Anyone ever tried to disable the port and can help me? I am baffled.
Cheers,
DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.
Comments
malcybood Member Posts: 900 ■■■□□□□□□□
Pash,
could you not just type netstat -a in a command prompt to see if a client is listening for NetBIOS?
c:>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP MG-102762:epmap machine.domain.com:0 LISTENING
TCP MG-102762:microsoft-ds machine.domain.com:0 LISTENING
TCP MG-102762:1046 machine.domain.com:0 LISTENING
TCP MG-102762:1761 machine.domain.com:0 LISTENING
TCP MG-102762:7461 machine.domain.com:0 LISTENING
TCP MG-102762:8081 machine.domain.com:0 LISTENING
TCP MG-102762:epmap machine.domain.com:2911 ESTABLISHED
TCP MG-102762:netbios-ssn machine.domain.com:0 LISTENING
TCP MG-102762:427 machine.domain.com:0 LISTENING
TCP MG-102762:1126 machine.domain.com:524 ESTABLISHED
TCP MG-102762:1130 machine.domain.com:524 ESTABLISHED
TCP MG-102762:1132 machine.domain.com:524 ESTABLISHED
TCP MG-102762:1154 machine.domain.com.com:524 ESTABLISHED
TCP MG-102762:1156 machine.domain.com.com:524 ESTABLISHED
TCP MG-102762:1158 machine.domain.com:524 ESTABLISHED
TCP MG-102762:1160 machine.domain.com:524 ESTABLISHED
TCP MG-102762:1185 machine.domain.com:524 ESTABLISHED
TCP MG-102762:1188 machine.domain.com.com:http TIME_WAIT
TCP MG-102762:1189 machine.domain.com:1080 TIME_WAIT
TCP MG-102762:1191 machine.domain.com:http ESTABLISHED
TCP MG-102762:1264 machine.domain.com:8300 ESTABLISHED
TCP MG-102762:4972 machine.domain.com:1522 ESTABLISHED
TCP MG-102762:4973 machine.domain.com:1522 ESTABLISHED
TCP MG-102762:4974 machine.domain.com:http CLOSE_WAIT
TCP MG-102762:1025 localhost:1026 ESTABLISHED
TCP MG-102762:1026 localhost:1025 ESTABLISHED
TCP MG-102762:1027 localhost:1028 ESTABLISHED
TCP MG-102762:1028 localhost:1027 ESTABLISHED
TCP MG-102762:1032 localhost:1033 ESTABLISHED
TCP MG-102762:1033 localhost:1032 ESTABLISHED
TCP MG-102762:1034 localhost:1035 ESTABLISHED
TCP MG-102762:1035 localhost:1034 ESTABLISHED
TCP MG-102762:1042 machine.domain.com:0 LISTENING
TCP MG-102762:1046 localhost:1077 ESTABLISHED
TCP MG-102762:1073 localhost:1074 ESTABLISHED
TCP MG-102762:1074 localhost:1073 ESTABLISHED
TCP MG-102762:1075 localhost:1076 ESTABLISHED
TCP MG-102762:1076 localhost:1075 ESTABLISHED
TCP MG-102762:1077 localhost:1046 ESTABLISHED
TCP MG-102762:9000 machine.domain.com:0 LISTENING
UDP MG-102762:259 *:*
UDP MG-102762:microsoft-ds *:*
UDP MG-102762:isakmp *:*
UDP MG-102762:1030 *:*
UDP MG-102762:1031 *:*
UDP MG-102762:1036 *:*
UDP MG-102762:1040 *:*
UDP MG-102762:1044 *:*
UDP MG-102762:1047 *:*
UDP MG-102762:1761 *:*
UDP MG-102762:1797 *:*
UDP MG-102762:2046 *:*
UDP MG-102762:2746 *:*
UDP MG-102762:3024 *:*
UDP MG-102762:4500 *:*
UDP MG-102762:8081 *:*
UDP MG-102762:8082 *:*
UDP MG-102762:18234 *:*
UDP MG-102762:ntp *:*
UDP MG-102762:netbios-ns *:*
UDP MG-102762:netbios-dgm *:*
UDP MG-102762:427 *:*
UDP MG-102762:1096 *:*
UDP MG-102762:1900 *:*
UDP MG-102762:ntp *:*
UDP MG-102762:1224 *:*
UDP MG-102762:1749 *:*
UDP MG-102762:1800 *:*
UDP MG-102762:1900 *:*
UDP MG-102762:4765 *:*
malcybood Member Posts: 900 ■■■□□□□□□□
You can disable NetBIOS on the actual machine by going to Network Connections - LAN - TCP/IP - Advanced - WINS - Disable NetBIOS over TCP/IP
When I did this and re-ran netstat -a, the highlighted line in the previous post was not present. This is probably easier than faffing about with firewall configs... I wouldn't rely purely on the Windows firewall either!
Cheers
Malc
P.S. The UDP service UDP MG-102762:netbios-ns *:* is port 137
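The check discussed in this thread, as an added example (not code from any poster): a Python parser for `netstat -a` / `netstat -an` output that reports which NetBIOS/SMB sockets are open per protocol, which shows how a TCP connect test such as telnet to port 137 can fail while the name service is bound on UDP 137. The sample text is constructed from lines in the netstat listing above, and the function names are assumptions.

```python
import re

# Service names as "netstat -a" prints them, mapped to their port numbers.
NETBIOS_SMB = {"netbios-ns": 137, "netbios-dgm": 138,
               "netbios-ssn": 139, "microsoft-ds": 445}
PORT_TO_NAME = {str(port): name for name, port in NETBIOS_SMB.items()}

# Proto, local host:port, foreign address, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+)(?:\s+(\S+))?")

def netbios_listeners(netstat_text):
    """Return sorted (proto, port, service) tuples for NetBIOS/SMB sockets
    open to inbound traffic: TCP rows in LISTENING state, or any bound UDP row."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, or blank line
        proto, _host, local_port, _foreign, state = m.groups()
        # Accept both the named form (-a) and the numeric form (-an).
        name = PORT_TO_NAME.get(local_port, local_port)
        if name not in NETBIOS_SMB:
            continue
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        found.add((proto, NETBIOS_SMB[name], name))
    return sorted(found)

def listening_on(netstat_text, proto, port):
    """True if the host has an inbound socket for this protocol and port."""
    return any(p == proto and n == port
               for p, n, _ in netbios_listeners(netstat_text))

# Constructed sample, shaped like the listing posted in the thread.
SAMPLE = """Active Connections
  Proto  Local Address           Foreign Address         State
  TCP    MG-102762:microsoft-ds  machine.domain.com:0    LISTENING
  TCP    MG-102762:netbios-ssn   machine.domain.com:0    LISTENING
  TCP    MG-102762:1126          machine.domain.com:524  ESTABLISHED
  UDP    MG-102762:netbios-ns    *:*
  UDP    MG-102762:netbios-dgm   *:*
"""

if __name__ == "__main__":
    for proto, port, name in netbios_listeners(SAMPLE):
        print(f"{proto}/{port} {name}")
    print("TCP/137 listening:", listening_on(SAMPLE, "TCP", 137))
    print("UDP/137 listening:", listening_on(SAMPLE, "UDP", 137))
```

Feed it the text of `netstat -a` captured before and after a change such as disabling NetBIOS over TCP/IP to confirm which of the four sockets actually went away.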