port 137, 138, 139

Discussion in 'LnS English Forum' started by Martin Aston, Apr 21, 2004.

Thread Status:
Not open for further replies.
  1. Martin Aston

    Martin Aston Guest

  2. redman

    redman Registered Member

    Joined:
    Apr 16, 2004
    Posts:
    41
    I've tried the same test and I get a pass. I am using the enhanced rule set. Which one are you using?
     
  3. Martin Aston

    Martin Aston Guest

    I also use the enhanced set.
     
  4. redman

    redman Registered Member

    Joined:
    Apr 16, 2004
    Posts:
    41
    I'm still learning about this firewall myself, so I'm not really the best person to help. I do note however that I have a rule to block any other packet as the last rule in my rule set. Quite a few log entries showing blocked connection attempts relate to this rule, e.g., Ports Dest: 137 Src: 1028. Do you have such a rule in your rule set and is it catching anything?
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Martin

    By visible, do you mean "closed" or "open" results?
    Are any of the other scanned ports showing in your LnS logs?
    Anything else that could impact results - router, ISP filtering?

    Regards,

    CrazyM
     
  6. Martin Aston

    Martin Aston Guest

    "Visible" is the word that's being used in the results of the test. I think it means closed. This is a quote from the report, see what you make of it:

    "We have scanned your system for open ports and for ports visible to others on the Internet. As a rule an open port means your computer is vulnerable to attacks by crackers. They gain access to your computer and its files through these open ports.
    Warning!
    The test found visible port(s) on your system: 137, 138, 139"


    "Are any of the other scanned ports showing in your LnS logs?"
    Yes, lots of them.

    "Anything else that could impact results - router, ISP filtering?"
    I have a normal, direct connection to the Internet. No proxy, router or anything else standing in my way. :)
    I don't know about that filtering (although I don't think there is any).
     
  7. dukebluedevil

    dukebluedevil Registered Member

    Joined:
    Sep 14, 2002
    Posts:
    177
    Have you tried any other online port scanners to verify these results?

    Such as ShieldsUp! at http://www.grc.com
     
  8. Martin Aston

    Martin Aston Guest


    I have tried oter firewalls. Kerio, Sygate and ZA also failed the test.
    This was the only one that was fully stealthed straight out of the box:
    http://www.8signs.com/index.cfm
     
  9. dukebluedevil

    dukebluedevil Registered Member

    Joined:
    Sep 14, 2002
    Posts:
    177
    If you loaded in the enhanced rule set then the rule "TCP: Block incoming connections" should be stealthing those ports for you, unless you created some rule(s) above that blocking rule that is allowing connections in on those ports. Are there any rules that you created above that blocking rule? if so what are they?
     
  10. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
  11. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    I suppose the ports are closed by another machine between your computer and the server doing the scan. This happens sometimes with some network configuration or with some providers.

    Frederic
     
  12. Martin Aston

    Martin Aston Guest


    OK, that would explain it. Thanks for the reply.
     
  13. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    That's indeed highly probable.

    To be sure, just disable NetBIOS on your system, either manually or by using this prog :

    http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/wwdc.htm

    After to have disable NetBIOS, reboot, check with "netstat -an" in command line that ports 137/138/139 doesn't exists (closed) and do the scan again.

    If the scan again tell you that your ports are opened, then Frederic is right.

    regards,

    gkweb.
     
  14. Martin Aston

    Martin Aston Guest

    Thanks for the link to that program. Very nice.
    Netbios was enabled, but disabling it made no difference. The ports are still visible. Never mind, I have disabled Netbios (and all the other thing that were enabled) with Windows Worms Doors Cleaner.
     
  15. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    So Frederic was right about your ISP :)

    Some routers too with their default configuration send a close response for many ports without forwarding packets to the client computer (and so don't let the firewall drop them).

    Glad all is fine now.

    gkweb.
     
Thread Status:
Not open for further replies.