Netbios always listening!

Discussion in 'other software & services' started by HandsOff, Dec 30, 2005.

Thread Status:
Not open for further replies.
  1. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    I think there was a time when I had this shut down before, but it is back!

    Process ID 4 TCP Port 139 Listening.


    I've shut it off every way I can think of. I have set WWDC to disable NetBios, but every time I check WWDC it tells me that NetBios will be disabled on my next reboot. Always the next reboot, never actually disabled.

    Im pretty sure PID is some part of windows 'system' whatever that means. I know its possible to shut it down, but possible I have added software or hardware or ISP that needs it? I just don't know!


    - HandsOff
     
  2. Snowie

    Snowie Guest

  3. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Thanks for the link, I don't think they address the aspects of Netbios that interest me, namely

    - Why is it running (do I need it?)

    - How do I turn it off! (TCP 139, UDP 138, UDP 139)

    Am I wrong to think in order for a computer to be secure, one should not have ports that open for reasons that they are unaware of?


    -HandsOff!
     
  4. willcorwin

    willcorwin Registered Member

    Joined:
    Dec 29, 2005
    Posts:
    20
    you can go into local area connection properties an unchecked net bios. this is for networks any way also outdated do to TCP\ip. I looked and my net bios feature for my Ethernet card isn't even installed. hope this was a Little help
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Are you on a home network where you may need file/printer sharing? If so, then you will want to leave it enabled.

    If you do not need it:
    Disable netbios on your NIC
    Stop and disable the TCP/IP NetBIOS service

    Providing the services/ports are not exposed to the Internet you should be secure. While some of these listening services/ports can be stopped/closed, you just have to be careful you do not disable something that is required.

    Regards,

    CrazyM
     
  6. snowie

    snowie Guest

    Seems I mis-understood........thought you were seeking what was running on the netbios ports..........

    Its natural for ISP's to listen on the ports you mention.....an this will show in a firewall..........but the ports are not open.........not if you have a firewall/router.......................an if this is what you mean....an its your ISP listening on those ports.........you can't prevent that.......its just the way ISP's work.....................many people wish the ISP's would get off those ports.......but they wont.

    so, if you only see those ports "listening" when you are connected to the internet.......most likely its your ISP........CM can better explain the behavior..............
     
  7. controler

    controler Guest

    If I remember , Steve Gibson created a small program a few years back to disable netbios.

    You can always go to a command prompt and type net start and see what services you want to dissable.

    Example:

    net stop "DCOM Server Process Launcher"

    net stop "Help and Support"

    net stop "Infrared Monitor"

    net stop "Remote Procedure Call <RPC>"

    net stop "System Event Notification"

    net stop "Windows Time"

    You get the idea:) Keep the quotes


    You can also run from start, run window.

    or you can start or stop them from services in control panel with ADMIN rights

    Happy New Year !!!!!!!!!!!!!!!!
     
    Last edited by a moderator: Dec 31, 2005
  8. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    When you disable that port with WWDC it will give you a yes/no prompt. If you select Yes, it will not close it all the way, but leave that service on "Manual", which means that it will turn on when needed. If you select "No", it will disable that port completely. If you are sharing files or a printer across a local network you will want to leave it as it is, however.
     
  9. willcorwin

    willcorwin Registered Member

    Joined:
    Dec 29, 2005
    Posts:
    20
  10. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Sorry for the delay, I was glad to see that there were many interesting responses. I admit I was a little vague as to the information that I was after. That's because I don't understand the implications of these ports.

    -I do have netbios disabled in services
    -I did not enable it in network connections
    -I did disable it with WWDC
    -Port Explorer shows the three ports listening, but never seems to log anthing as being sent or received.

    (BTW I finally broke down and got port explorer. I've not spent much time with it yet, but I think it is cool!)

    I don't recall being given a yes-no question for NetBios. I do recall DCOM had just such a question. I will check again, but what I always see is WWDC say NetBios will be closed during my next reboot...but after my next reboot, if I run WWDC it says "...will be shut down after next reboot..." again. And yet first I get the congradulatory message about my computer being secure.

    All this would s-e-e-m to suggest there is no big problem. Why the concern? I'll tell you. Because at one point, long ago, these ports were not open. Obviously something has changed.

    I could be the addition of a router.

    I did download some information on what "Listening" means, but have not read it yet. From there I may have to look into the "Net stop" commands. Net Stop has a nice ring to it! I've not come even close to exhausting the possibilities of my new christmas presents, so everything but life-threatening emergencies has been pushed down on the list!


    - HandsOff
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I have the same problem as HandsOff, WWDC is not able to disable the NetBIOS ports, not a big deal but I wonder what causes this. :rolleyes:
     
  12. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Go into the properties for your network connection. Make sure file and printer sharing is unchecked, then go into the TCP/IP properties, advanced, and on the WINS tab put the radio button on "Disable NetBIOS over TCP/IP".
     
  13. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Thanks Notok - I finally found that setting again and switched it from default to disabled. I'll check after reboot to see if the symptoms mentioned go away, but I'm thinking that they will!

    In the process of hunting for that setting I came across this one (which is accessed from using the properties menu of the menu bar in the Network Connections window. I don't know really if there is any importance to this change the order settings, only does this setting list only installed networks, because I would not think I have the first 2 on the ladder, but maybe they don't mean what I think they do. Anyway, it's just curiosity, if you happen to know something about the setting and / or mine looks like it is not how it should be set for someone using an ethernet connection and no telephone modem installed.

    Thanks again, that was really bothering me about the netbios.

    -HandsOff
     
  14. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Nice work Notok. Glad you got him sorted out properly. :D
     
  15. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Notok

    Just wanted to confirm that the steps outlined above fixed the problem. Now, if only we could get Trooper sorted out...!


    -HandsOff
     
  16. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    I just recently found this obscure tip that you may want to google-LMhosts-

    Windows XP and Windows 2000 may enable LMHosts lookup on a network using the TCP/IP protocol, which most networks are set up to use by default.

    If there is no LAN Manager Host on a network, which there won't be on most small networks, Windows XP and Windows 2000 can lose themselves for a lengthy periods every time a program is opened as they looks in vain for the Host that isn't present.

    Simply disabling the LMHosts Lookup setting solves the problem completely and allows programs to open at their normal speed.

    This is how the LMHosts Lookup setting is disabled. Open My Computer, click My Network Places, right-click Network Connections, click Properties, then right click on Local Area Connection => Properties.

    Find the Internet Protocol entry and select Properties => Advanced => WINS. Once there, uncheck the Enable LMHosts lookup setting.
     
  17. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hi-

    Yeah, I just encountered that on a machine that was running XP-Pro and was having a problem staying connected. I unchecked that, and did some other things, and something worked! Then I found that my computer had the box checked too, so I unchecked it so I can see if it seems to help my situation or not.

    -HandsOff
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Hi Notok,

    I already knew about that setting but do you perhaps have any idea why WWDC isn´t able to close the ports on it´s own? I thought it was capable of this. ;)
     
  19. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Not Sure I remember well as I have not wwdc. But port 139 to WAN closed can still leave port 139 to LAN open. and some others as well.

    Gerard
     
  20. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
Thread Status:
Not open for further replies.