Thursday, August 5, 2010

Some important ports that you must care about

Port 139: NetBIOS Session (TCP)

This is the single most dangerous port on the Internet. All "File and Printer Sharing" on a Windows machine runs over this port. Most people who use the Internet leave their hard disks exposed on this port. This is the first port hackers want to connect to, and the port that firewalls block.

PORT 139 – Information

  • Port Number: 139
  • TCP / UDP: TCP
  • Delivery: Yes
  • Protocol / Name: [Malware known as Qaz]
  • Port Description: [malware info: Qaz]
  • Virus / Trojan: Yes, Caution!

NetBIOS services:

  • NetBIOS Name Service (TCP/UDP: 137)
  • NetBIOS Datagram Service (TCP/UDP: 138)
  • NetBIOS Session Service (TCP/UDP: 139)

By default, when File and Print Sharing is enabled, it binds to everything, including TCP/IP (the Internet protocol), rather than just the local network. Unless it is configured properly, this means your shared resources are available over the entire Internet for reading and deletion. Any machine with NetBIOS enabled and not configured properly should be considered at risk.

The best protection is to

>> turn off File and Print Sharing.

>> block ports 135-139 completely.

If you must enable it, use the following guidelines:

1. Use strong passwords, containing non-alphanumeric characters.
2. Attach "$" at the end of your share names (the casual snooper using net view might not see them).
3. Unbind File and Print Sharing from TCP/IP and use NetBEUI instead (it's a non-routable protocol).
4. Block ports 135-139 in your router/firewall.

Keep in mind that you might still be leaking information about your system (such as your computer and workgroup names) to the entire Internet, where it can be used against you, unless these ports are filtered by a firewall.
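One way to check which of these ports a Windows machine actually has open, as an added example that is not part of the original post: the script parses the text of `netstat -an` and reports sockets on ports 135-139 together with the address they are bound to. The sample output, the addresses in it, and the function names are constructed for illustration.

```python
import ipaddress

# Ports 135-139 are the range the page says to block; the names for
# 137-139 are the NetBIOS services the page lists.
SERVICE = {137: "NetBIOS Name", 138: "NetBIOS Datagram", 139: "NetBIOS Session"}
WATCHED = range(135, 140)

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     198.51.100.7:139       ESTABLISHED
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
  UDP    0.0.0.0:500            *:*
"""

def bind_scope(host):
    """Classify the local address a socket is bound to."""
    ip = ipaddress.ip_address(host.strip("[]").split("%")[0])
    if ip.is_unspecified:
        return "all-interfaces"  # 0.0.0.0 or [::]: open on every adapter
    if ip.is_loopback:
        return "loopback"        # reachable only from the machine itself
    return "single-address"      # reachable via that one adapter

def find_exposed(netstat_text):
    """Return (proto, port, address, scope) for open sockets on ports 135-139."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # TCP rows end with a state; only listeners accept inbound sessions.
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")  # local address column only
        if port.isdigit() and int(port) in WATCHED:
            findings.append((fields[0], int(port), host, bind_scope(host)))
    return findings

if __name__ == "__main__":
    for proto, port, host, scope in find_exposed(SAMPLE):
        name = SERVICE.get(port, "in blocked range")
        print(f"{proto}/{port} ({name}) bound to {host}: {scope}")
```

A socket reported as `all-interfaces` or `single-address` is reachable from whatever network that adapter faces, so it is only protected if a firewall filters the port.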