[Dshield] How to close Microsoft's Netbios i.e. Ports 137, 138 and 139?

Gunilla forum at dshield.org
Mon Aug 22 11:36:24 GMT 2005

Hi List. 

I am not sure how to put this easy but I will try to explain. :-)) 

I had my PC secured very good (I think) by uninstalling Client for Microsoft Network and File and Printer Sharing and disabled some unnecessary Services and all I had left was port 123 (Win Update) as listening, no 137, 138, 139 or 445 or other ports were listening. 

However...in order to give one of the other computers the opportunity to share the Internet connection via a DirectCable I had to reinstall and re-enable some services but all failed to get it connected, so once again I disabled and uninstalled Client for MS Network, File and Printer Sharing and div. services and etc. 

I thought all was well and that my PC was back in that secure state it was before I started messing but via ProtWall I saw that I have a frequent communication with an IP address belonging to my IP block via. port UDP 137 and UDP 138. I guess it is normal in "normal" cases but should it be when I do not have File and Printer sharing and no Client for MS Network? I didn't use to have it before. 

I have looked everywhere on my PC and can't see that I have something enabled, or installed that should trigger this communication but still those ports refuses to be closed. What have I missed? 

This is what I have disabled: SSDP Discovery, UnPnP, Dcom, Win Messenger, Telnet, Terminal Services, WZCSVC, RemoteAccess, SecLogon, Remote Registry, Remote Desktop, NetDDE, NetDDEdsdm, NetMeeting and of course I have no Browser activity. I hope you understood all I wrote about. 

Thanks for your time and regards, 

This message was sent via the web forum at

More information about the list mailing list