Since NetBEUI is an alternative to IP, TCP port numbers cannot
possibly be associated with it....

  These port numbers are used to carry NetBIOS traffic over TCP
and UDP.  NetBEUI is an alternative broadcast-based (and THEREFORE 
local-only) transport for NetBIOS traffic.
  "File and Printer Sharing" are implemented using NetBIOS.  They
are not the only things that use NetBIOS, which is why turning them 
off is not sufficient to turn off NBT (NetBIOS over TCP/IP).

  If you don't need ANY of the services of NetBIOS, you can turn
off NBT completely -- the exact mechanism varies from one Windows
version to the next.

  If you need some of the NetBIOS services, you almost certainly 
don't want them to transit your perimeter.
  If you have a small Ethernet-only LAN (only one subnet), you 
might try to restrict them to local use by installing NetBEUI 
*and making sure all machines are bound to only do NetBIOS that 
way*.  I don't recommend that, because it's hard to be certain 
that every box is doing only what you want, and the fact that 
some stuff is working over NetBEUI can make troubleshooting
TCP/IP issues harder.
  For larger IP-only LANs, your only viable alternative is to 
block these TCP/UDP ports at the perimeter with a firewall or
router access list.  Outbound as well as inbound!

David Gillett
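
A check for the situation discussed in this thread, as an added example that is not part of the original messages: it parses Windows `netstat -an` output and reports sockets still bound to the NBT ports the original poster saw (UDP 137, UDP 138, TCP 139), plus outbound sessions to a remote port 139. The sample output, addresses and function name are constructed for illustration.

```python
import re

# NetBIOS-over-TCP/IP services defined in RFC 1001/1002.
NBT_PORTS = {("UDP", 137): "name service",
             ("UDP", 138): "datagram service",
             ("TCP", 139): "session service"}

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:139        ESTABLISHED
  TCP    192.168.1.10:1046      203.0.113.7:80         ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

# proto, local addr:port, foreign addr:port, optional state (UDP rows have none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+?):(\d+|\*)(?:\s+(\S+))?\s*$")

def nbt_findings(netstat_text):
    """Return (kind, proto, local, remote, service) for each NBT socket found."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, laddr, lport, raddr, rport, state = m.groups()
        local_svc = NBT_PORTS.get((proto, int(lport)))
        # A listening TCP socket or a bound UDP socket means NBT is still on.
        if local_svc and (proto == "UDP" or state == "LISTENING"):
            findings.append(("listening", proto, f"{laddr}:{lport}", "", local_svc))
            continue
        # An established session to a remote NBT port is outbound NBT traffic.
        if state == "ESTABLISHED" and rport != "*":
            remote_svc = NBT_PORTS.get((proto, int(rport)))
            if remote_svc:
                findings.append(("outbound", proto, f"{laddr}:{lport}",
                                 f"{raddr}:{rport}", remote_svc))
    return findings

if __name__ == "__main__":
    for finding in nbt_findings(SAMPLE):
        print(*finding)
```

An empty result after NBT has been disabled on a host is the confirmation that unchecking "File and Printer Sharing" alone does not give; an "outbound" row points at traffic the perimeter filter should be stopping.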


> -----Original Message-----
> From: Rick Kingslan [mailto:[EMAIL PROTECTED]
> Sent: August 4, 2003 19:30
> To: [EMAIL PROTECTED]
> Subject: Re: File and Printer Sharing still turned on after
> unchecked...confused :\
> 
> 
> The best way to answer this particular problem is that first, you're not
> alone.  Second, it's very easy to confuse one protocol with another.  Ports
> 135, 137, 138, 139 are all associated with NetBIOS and NetBEUI - over
> TCP/IP.  These are documented and standardized (well, as much as Microsoft
> will let them be standardized...;-] ) in IETF RFC 1001 and 1002.
> 
> Typically, in a Windows OS, specifically NT and Windows 2000, we'd set the
> option Disable NetBIOS over TCP/IP.  However, be very aware that NetBIOS
> (the API - not a protocol), NetBEUI (this one's a protocol) and TCP/IP are
> very different.  When you remove that check box from 'File and Printer
> Sharing' you've disabled, to some degree, NetBEUI.  However, if you have a
> TCP/IP stack installed - clearly you do - NetBIOS over TCP/IP is still
> viable, alive, and quite dangerous.
> 
> Do you need to block it with a firewall?  Ummm.  Yeah.  Everyone else does -
> if you come up with a better option, we're all going to be VERY interested!
> ;o)
> 
> Rick Kingslan
> Just Some Security Dweeb
>  
> 
> > Hi all,
> >
> > My Windows 98 machine still has ports 137, 138, 139 open even after I
> > turned "File and Printer Sharing" options off. I successfully used this
> > to get into my system, so as you can imagine it's a big security risk.
> > How do you shut these ports down? I have read many FAQs and papers
> > concerning this but they've all said to just uncheck the two options in
> > the "File and Printer Sharing" window under Control Panel > Networking.
> > I have asked around on IRC and the most advice I got was to block the
> > ports with my router/firewall (smoothwall)... But how come I can't just
> > turn them off myself?
> 
> 
> 
> 
> 
> ----------------------- 
> "You can stop this individual, but you can't stop us 
> all...After all, we're 
> all alike..." - The Mentor 
> ----------------------- 