TCP port 137

PashPash Member Posts: 1,600 ■■■■■□□□□□
Hi guys,

I am trying to test if clients listen on port 137 or not and of course started with the standard telnet ip port method. With or without windows firewall i cannot connect to a client using this port, suggesting to me it is not listening. Now, I am trying to apply a rule to windows firewall GPO port exception list like this:

137:TCP:"*":disabled:Netbios Nameservice

Port 137 TCP is indeed the netbios name service and by blocking this port I shouldnt be able to browse this machine on my connected windows network right? Well I can still browse the clients these windows firewall rules apply to.

Anyone ever tried to disable the port and can help me? I am baffled.

DevOps Engineer and Security Champion. - I am trying to find my writing style, so please bear with me.


  • malcyboodmalcybood Member Posts: 900 ■■■□□□□□□□

    could you not just type netstat -a in a command prompt to see if a client is listening for netbios??
    c:>netstat -a

    Active Connections

    Proto Local Address Foreign Address State
    TCP MG-102762:epmap LISTENING
    TCP MG-102762:microsoft-ds LISTENING
    TCP MG-102762:1046 LISTENING
    TCP MG-102762:1761 LISTENING
    TCP MG-102762:7461 LISTENING
    TCP MG-102762:8081 LISTENING
    TCP MG-102762:epmap ESTABLISHED
    TCP MG-102762:netbios-ssn LISTENING
    TCP MG-102762:427 LISTENING
    TCP MG-102762:1126 ESTABLISHED
    TCP MG-102762:1130 ESTABLISHED
    TCP MG-102762:1132 ESTABLISHED
    TCP MG-102762:1154 ESTABLISHED
    TCP MG-102762:1156 ESTABLISHED
    TCP MG-102762:1158 ESTABLISHED
    TCP MG-102762:1160 ESTABLISHED
    TCP MG-102762:1185 ESTABLISHED
    TCP MG-102762:1188 TIME_WAIT
    TCP MG-102762:1189 TIME_WAIT
    TCP MG-102762:1191 ESTABLISHED
    TCP MG-102762:1264 ESTABLISHED
    TCP MG-102762:4972 ESTABLISHED
    TCP MG-102762:4973 ESTABLISHED
    TCP MG-102762:4974 CLOSE_WAIT
    TCP MG-102762:1025 localhost:1026 ESTABLISHED
    TCP MG-102762:1026 localhost:1025 ESTABLISHED
    TCP MG-102762:1027 localhost:1028 ESTABLISHED
    TCP MG-102762:1028 localhost:1027 ESTABLISHED
    TCP MG-102762:1032 localhost:1033 ESTABLISHED
    TCP MG-102762:1033 localhost:1032 ESTABLISHED
    TCP MG-102762:1034 localhost:1035 ESTABLISHED
    TCP MG-102762:1035 localhost:1034 ESTABLISHED
    TCP MG-102762:1042 LISTENING
    TCP MG-102762:1046 localhost:1077 ESTABLISHED
    TCP MG-102762:1073 localhost:1074 ESTABLISHED
    TCP MG-102762:1074 localhost:1073 ESTABLISHED
    TCP MG-102762:1075 localhost:1076 ESTABLISHED
    TCP MG-102762:1076 localhost:1075 ESTABLISHED
    TCP MG-102762:1077 localhost:1046 ESTABLISHED
    TCP MG-102762:9000 LISTENING
    UDP MG-102762:259 *:*
    UDP MG-102762:microsoft-ds *:*
    UDP MG-102762:isakmp *:*
    UDP MG-102762:1030 *:*
    UDP MG-102762:1031 *:*
    UDP MG-102762:1036 *:*
    UDP MG-102762:1040 *:*
    UDP MG-102762:1044 *:*
    UDP MG-102762:1047 *:*
    UDP MG-102762:1761 *:*
    UDP MG-102762:1797 *:*
    UDP MG-102762:2046 *:*
    UDP MG-102762:2746 *:*
    UDP MG-102762:3024 *:*
    UDP MG-102762:4500 *:*
    UDP MG-102762:8081 *:*
    UDP MG-102762:8082 *:*
    UDP MG-102762:18234 *:*
    UDP MG-102762:ntp *:*
    UDP MG-102762:netbios-ns *:*
    UDP MG-102762:netbios-dgm *:*
    UDP MG-102762:427 *:*
    UDP MG-102762:1096 *:*
    UDP MG-102762:1900 *:*
    UDP MG-102762:ntp *:*
    UDP MG-102762:1224 *:*
    UDP MG-102762:1749 *:*
    UDP MG-102762:1800 *:*
    UDP MG-102762:1900 *:*
    UDP MG-102762:4765 *:*
  • malcyboodmalcybood Member Posts: 900 ■■■□□□□□□□
    You can disable NetBIOS on the actual machine by going to Network Connections - LAN - TCP/IP - Advanced - WINS - Disable Netbios over TCP/IP

    When I done this and re-ran a netstat -a the highlighted line in the previous post was not present. This is probably easier than faffing about with firewall configs....I wouldn't rely purely on the Windows firewall either!



    p.s the udp service UDP MG-102762:netbios-ns *:* is port 137
Sign In or Register to comment.