

Mark
Premium
join:2001-11-15
Phoenix, AZ
kudos:1

Netbios Session Service - Port 139

This is the service that starts a Netbios session.

NetBios services allow file sharing over networks. When improperly configured, they can expose critical system files or give full file system access to any malicious intruder connected to the network. The intruder can gain access to the victim's system files: run, delete, copy, upload/download. When file sharing is enabled on Windows machines, they become vulnerable to both information theft and certain types of worms.


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8

It's sometimes important to note that file/printer sharing is just one of a potentially open-ended set of applications using Netbios Session. Netbios Session dispatches connections to particular applications based on a 16-byte name sent in a session setup request; you can see the names in use on a particular machine with the nbtstat -n command.

By convention, Netbios apps use the last byte as a sort of protocol type (just like TCP or UDP apps use a port number as a sort of protocol type). The server side of file/printer sharing uses the machine name with a last byte of 0x20 (ASCII space); the client side of file/printer sharing uses the machine name with a last byte of 0x00 (ASCII NUL).

From a security point of view, however, if you take the simple approach of screening tcp/139 from the outside world, you don't need to know this extra detail.
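
The 16-byte name and its last-byte type described in the post above, as an added example that is not part of the original thread: a decoder for the called and calling names in an RFC 1002 session request (packet type 0x81), useful when reading a capture of tcp/139 traffic. The host names FILESRV01 and WKSTN7 and the sample packet are constructed, and scope IDs are assumed empty.

```python
import struct

SESSION_REQUEST = 0x81  # RFC 1002 session service packet type
# Last-byte conventions named in the post above
ROLES = {0x20: "file/printer sharing server", 0x00: "file/printer sharing client"}

def encode_name(name, suffix):
    """Pad to 15 bytes, append the suffix byte, then map each nibble to 'A'..'P'."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    body = bytes(0x41 + n for c in raw for n in (c >> 4, c & 0x0F))
    return b"\x20" + body + b"\x00"  # length byte, 32 encoded bytes, empty scope

def decode_name(buf, off):
    """Decode one encoded name at buf[off]; return (name, suffix, next_offset)."""
    if off + 34 > len(buf) or buf[off] != 0x20:
        raise ValueError("expected a 32-byte encoded NetBIOS name")
    enc = buf[off + 1:off + 33]
    if any(not 0x41 <= b <= 0x50 for b in enc):
        raise ValueError("encoded name byte outside 'A'..'P'")
    if buf[off + 33] != 0x00:
        raise ValueError("scope ID present; not handled in this example")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15], off + 34

def parse_session_request(pkt):
    """Return the called and calling (name, suffix, role) from a session request."""
    if len(pkt) < 4:
        raise ValueError("truncated session header")
    ptype, _flags, length = struct.unpack(">BBH", pkt[:4])
    if ptype != SESSION_REQUEST:
        raise ValueError("not a session request")
    body = pkt[4:4 + length]
    if len(body) < length:
        raise ValueError("truncated session request")
    called, csfx, off = decode_name(body, 0)
    calling, gsfx, _ = decode_name(body, off)
    label = lambda s: ROLES.get(s, "other application (0x%02x)" % s)
    return {"called": (called, csfx, label(csfx)),
            "calling": (calling, gsfx, label(gsfx))}

def sample_packet():
    """Constructed request: WKSTN7 (client, 0x00) calling FILESRV01 (server, 0x20)."""
    body = encode_name("FILESRV01", 0x20) + encode_name("WKSTN7", 0x00)
    return struct.pack(">BBH", SESSION_REQUEST, 0, len(body)) + body

if __name__ == "__main__":
    print(parse_session_request(sample_packet()))
```

A called-name suffix other than 0x20 in a capture means the session was dispatched to some application other than the file/printer sharing server.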