port 137, 138, 139

In this test, http://www.pcflank.com/test.htm, port 137, 138 and 139 are still visible. How do you change that?

 

I've tried the same test and I get a pass. I am using the enhanced rule set. Which one are you using?

 

I also use the enhanced set.

 

I'm still learning about this firewall myself, so I'm not really the best person to help. I do note however that I have a rule to block any other packet as the last rule in my rule set. Quite a few log entries showing blocked connection attempts relate to this rule, e.g., Ports Dest: 137 Src: 1028. Do you have such a rule in your rule set and is it catching anything?

 

Hi Martin

By visible, do you mean "closed" or "open" results?
Are any of the other scanned ports showing in your LnS logs?
Anything else that could impact results - router, ISP filtering?

Regards,

CrazyM

 

"Visible" is the word that's being used in the results of the test. I think it means closed. This is a quote from the report, see what you make of it:

"We have scanned your system for open ports and for ports visible to others on the Internet. As a rule an open port means your computer is vulnerable to attacks by crackers. They gain access to your computer and its files through these open ports.
Warning!
The test found visible port(s) on your system: 137, 138, 139"


"Are any of the other scanned ports showing in your LnS logs?"
Yes, lots of them.

"Anything else that could impact results - router, ISP filtering?"
I have a normal, direct connection to the Internet. No proxy, router or anything else standing in my way.
I don't know about that filtering (although I don't think there is any).

 

Have you tried any other online port scanners to verify these results?

Such as ShieldsUp! at http://www.grc.com

 

I have tried oter firewalls. Kerio, Sygate and ZA also failed the test.
This was the only one that was fully stealthed straight out of the box:
http://www.8signs.com/index.cfm

 

If you loaded in the enhanced rule set then the rule "TCP: Block incoming connections" should be stealthing those ports for you, unless you created some rule(s) above that blocking rule that is allowing connections in on those ports. Are there any rules that you created above that blocking rule? if so what are they?

 

here is some info on closing manually those ports http://grc.com/su-bondage.htm
however if you want a quick fix that can be turned on or off then http://www.grc.com/freepopular.htm and scroll down to "no share"

however if you have activated "enharnced ruleset " then you should be stealthed

 

Hi,

I suppose the ports are closed by another machine between your computer and the server doing the scan. This happens sometimes with some network configuration or with some providers.

Frederic

 

OK, that would explain it. Thanks for the reply.

 

Hi,

That's indeed highly probable.

To be sure, just disable NetBIOS on your system, either manually or by using this prog :

http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/wwdc.htm

After to have disable NetBIOS, reboot, check with "netstat -an" in command line that ports 137/138/139 doesn't exists (closed) and do the scan again.

If the scan again tell you that your ports are opened, then Frederic is right.

regards,

gkweb.

 

Thanks for the link to that program. Very nice.
Netbios was enabled, but disabling it made no difference. The ports are still visible. Never mind, I have disabled Netbios (and all the other thing that were enabled) with Windows Worms Doors Cleaner.

 

So Frederic was right about your ISP

Some routers too with their default configuration send a close response for many ports without forwarding packets to the client computer (and so don't let the firewall drop them).

Glad all is fine now.

gkweb.