Port Authority Edition – Internet Vulnerability Profiling
by Steve Gibson,  Gibson Research Corporation.





Goto Port 136
Probe Port 137
Enter Port: 0-65535
Goto Port 138



Port Authority Database

Port 137

Name: 
netbios-ns

Purpose: 
NetBIOS Name Service

Description: 
UDP NetBIOS name query packets are sent to this port, usually of Windows machines but also of any other system running Samba (SMB), to ask the receiving machine to disclose and return its current set of NetBIOS names.

Related Ports: 
138, 139, 445




Background and Additional Information:

When Microsoft first awoke to the wide area network (WAN) Internet, its local area network (LAN) NetBIOS file sharing technology was using a "transport protocol" known as NetBEUI. Unlike the Internet Protocol (IP), NetBEUI does not have the concept of "ports". So Microsoft grabbed a trio of three successive Internet ports 137, 138, and 139, to use for the transport of their existing NetBIOS protocol over IP-based LAN and WAN networks. The horrors of insecurity resulting from Microsoft's exposure of their NetBIOS protocol to the Internet are legendary. They were the original impetus for our creation of the ShieldsUP! services, and our ongoing research into personal computer security and privacy.

As a result of the continuing security concerns created by the default global exposure of Windows' NetBIOS file sharing, many ISPs are now blocking this wildly abuse-prone trio of ports on behalf of their users. Many users will find that the various ShieldsUP! probes and scans will report a "stealth" status for these ports without any user-side protection of any kind. After a decade of trouble, ISPs have stepped up and decided that, much as they didn't want to be involved in the need to block specific ports, they are doing their users a security service for which Microsoft has been unwilling to take the necessary responsibility.

If you are curious to learn more about the truth and consequences of Microsoft's Windows NetBIOS file sharing, the topic is covered carefully and in detail in a series of pages beginning here: http://www.grc.com/su-explain.htm.

445?

In the name of backward compatibility, Windows 2000 and subsequent Microsoft operating systems continue to support the original NetBIOS port trio. But with Windows 2000 and beyond, Microsoft has moved their NetBIOS services over to port 445 — and, perhaps not surprisingly, created an entire next-generation of even more serious security problems with that port. See the port 445 page for details.

RFC's

The NetBIOS over IP protocols are described in a pair of consecutive Internet RFC documents:

RFC 1001: An overview of concepts and methods . . .

  http://www.ietf.org/rfc/rfc1001.txt

  http://www.faqs.org/rfcs/rfc1001.html

RFC 1002: Detailed specifications . . .

  http://www.ietf.org/rfc/rfc1002.txt

  http://www.faqs.org/rfcs/rfc1002.html

Trojan Sightings: Chode

The entire contents of this page is copyright © 2008 by Gibson Research Corporation.


Jump to top of page
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2024 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.
Jump to top of page