Ports 137-139

Discussion in 'other firewalls' started by djg05, Jun 5, 2006.

Thread Status:
Not open for further replies.
  1. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    I have just been trying out Comodo f/w. Looking through the rules it set I noticed that Windows service had been set to 138. I always thought that these ports should be blocked in and out. Should this port be used?
     
  2. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    What windows service?

    Ports 137-139 are NetBios ports which are used for file and printer sharing across a LAN. So if you are behind a router, trust your network, and need to share files or printers, then they should be open.

    However, these ports are exploited by several malwares, and also if open can allow a cracker access to your pc and files :ninja:

    I need to know what service though and tell me what environment your computer is in to determine whether or not the ports should be used.

    Cheers,

    Alphalutra1
     
  3. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    It is Services.exe in C:\WINNT\system32
     
  4. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    I don't think services.exe needs internet access, but I may be wrong here. If you are behind a router, keep the rule. Otherwise, try deleting it and seeing if any popup happens. If so, post back. Others may have some more info here.

    Cheers,

    Alphalutra1
     
  5. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    That's curious. I am sure I was told or read that Services needs access to the net, yet I have denied it totally in Kerio and am still able to connect. Maybe it was for auto updating of Windows.

    This is what I am not sure about in Comodo and probably others in that it allows what it considers safe to connect permission without reference to the user. As far as I am concerned the less that are allowed free range the better.
     
  6. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    SVCHOST.exe is used for windows update, I think you can block it without any problems. Services.exe is only used for starting and stopping services so I think it doesn't need internet access.

    Cheers,
    Alphalutra1
     
  7. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    SVCHOST.exe, the Microsoft Generic Host Process for Win32 Services, may need the following rules:

    1. Inbound local bootps rule
    Direction: inbound
    Port: UDP port 67 {bootps}
    Action: Permit

    2. Outbound remote bootpc rule
    Direction: outbound
    Port: UDP port 68 {bootpc}
    Action: Permit

    I had to add those to my default NIS rules, and they work just fine. But your mileage may vary, if you don't need to add any permissions for the Generic Host then that is the safest way to go. To use ZoneAlarm terminology, SVCHOST on some systems may need local {not global} server rights. Hope that helps.
     
Loading...
Thread Status:
Not open for further replies.