Tip & How-To about Computers & Internet

Windows File Sharing And The Dangers Of NetBIOS

NetBIOS is a Windows File and Print Sharing protocol, and it uses TCP/UDP ports 135, 137,138, and 139.

* TCP/135 - RPC: This port is potentially quite dangerous. Remote Procedure Calls are requests from one machine to another for service. The RPC service acts as something of a facilitator, or go-between, between the client making the request and the machine being asked for service, i.e. a request is made to this "end-point mapper service" and then a port is allocated dynamically to the service being requested. This is similar to the RPC functionality found in the Unix world, and although it's not technically a "file sharing" port, it ties heavily into Windows networking in general.

* UDP/137 - NetBIOS Name Service: This port is used to attain name resolution for NetBIOS. Think of it as NetBIOS's version of DNS or ARP. It's simply a way to use something you have, make a query, and get something you want in return. For NetBIOS it's from a NetBIOS name to an IP, for DNS it's a DNS name to IP, and for ARP it's from IP to hardware address.

* UDP/138 - NetBIOS Datagram Service: This port primarily allows the SMB browser service to populate the browse lists seen when using "Network Neighborhood".

* TCP/139 - NetBIOS Session Service: This is perhaps the most known Windows port of all, as it is used to transfer files over TCP. This is both the port that NULL Sessions are established over and the port that file and printer sharing takes place on. If you are considering restricting access to ports on your Windows machine, this one needs to be on the top of the list.

NOTE: By disabling NetBIOS, all existing file shares must be shared using the IP address, rather than the NetBIOS Name, or else the share won't work.


How to disable NetBIOS in Windows 2000:

  1. open Windows Explorer
  2. Right click on My Network places and select properties
  3. Click Internet protocol TCP/IP and select properties
  4. Click on Advanced and then WINS
  5. Select Disable NetBIOS over TCP/IP and click ok
  6. Restart your computer
  7. If Windows displays "This connection has an empty ... " message, ignore it and click ok
How to disable NetBIOS in Windows 95/98/ME
  1. open Windows Explorer
  2. Right click on My Network places and select properties
  3. Select Internet protocol TCP/IP and click Properties
  4. In NetBIOS, clear "NetBIOS over TCP/IP" check box and click OK.
How to disable NetBIOS in Windows Vista/7
  1. Click Start, and then click Network. (Or you can click Start, type ncpa.cpl into the search box, and press ENTER).
  2. Click on the Network and Sharing Center, and then click Manage Network Connections.
  3. Right click on the Local Area Connection or the connection you are using, and then select Properties.
  4. Select the Internet Protocol version 4 (TCP/IPv4)
  5. Click the Advanced button under the General tab.
  6. Click the WINS tab.
  7. Click the Disable NetBIOS Over TCP/IP button.
  8. Click Ok.
  9. Restart your computer.

Posted by on

Computers & Internet Logo

Related Topics:

Related Questions:

1 Answer

Fuji xerox DC-II 3005 have 027-516 error, how to solve?


[Cause] During the transfer using SMB of the scan to PC
feature, the SMB server could not be found.

[Remedy] Take one of the following actions, and try again:
Check the following to see if the destination SMB server
and the machine are set up properly for network
communications:
- Check the network cables are plugged in securely.
- Check the TCP/IP settings.
- Check communications of port 137 (UDP), port 138
(UDP), port 139 (TCP).
Check the following to see if the computer correctly
works as an SMB server.
- Check if the file sharing service for Microsoft
Network is activated.
- Check if [NetBIOS over TCP/IP] for TCP/IP
is activated.
- Check if the file sharing service (using
communication through port 137 (UDP), port 138
(UDP), and port 139 (TCP)) are authorized for the
Firewall settings.
For communications which exceed the subnet, check the
WINS server settings, and check if the server address
can be resolved correctly.
For Windows NT 4.0 Server/Workstation, use the
following steps to see if the NetBIOS interface device is
activated on the destination SMB server:
1. Select [Start] > [Settings] > [Control Panel].
2. Display [Services], then select [Messenger] service.
3. Select [Startup] > [Auto] > [OK], then select [Close].
4. Select [Devices] in the [Control Panel], then select
[NetBIOS Interface].
5. Select [Startup] > [Auto] or [Manual] > [OK], then select
[Close].
6. Reboot the

Oct 11, 2016 | Xerox Office Equipment & Supplies

1 Answer

My Netgear PS121 print server requires disabled firewall (Win XP) to install. After installation, which ports has to be open in Windows Firewall, if I want the printserver to work with Windows XP Firewall enabled?


You may try to set Exceptions on the XP Firewall configuration.

Open Windows Firewall, go to Exceptions tab.
Make sure that File and Printer Sharing is checked.
Then click Add Port.
For Port Number, enter 139 and select TCP.
Do the same for port 445 TCP, 137 UDP, 138 UDP, and 9200 TCP.

Nov 03, 2009 | NetGear PS121 Print Server

1 Answer

I have two different domains that are connected via VPN connection through two routers. I can ping from domain to domain via IP address on clients and servers. However I can only do a net view command on server to server. When I run a net view from client (Xp Pro) to server (Windows 2003) using IP address I get network resources not available error 53. I can ping via IP address from client to server fine. What might the problem be?


So you verified ICMP traffic isn't blocked and it appears the servers allow the netBios traffic to pass.

On the client machine, check to make sure the windows print and file sharing is installed and the machine isn't blocking netBios traffic.

Make sure TCP ports 137,139, and 445 are open on the xp machine and any devices in between.

It's acting like the TCP data is being blocked by the client machine.

HTH,
-Aaron



Sep 28, 2009 | Microsoft Windows XP Professional

2 Answers

On my echolink progtam it says to use port 5198 or 5199, how do I do it?


access your router with following link.

http://192.168.1.1
or
http://192.168.0.1

For belkin router http://192.168.15.1

type user nams as "admin" and password as "admin" or blank or "password"

Then go to NAT and prot forwarding .
Select your port and open TCP and UDP protocol.
Then save settings and restart router.
Let me know if you need more assistanse.
Thanks.
then go to NAT

Aug 31, 2009 | Computers & Internet

1 Answer

DP-300 Print Server Access Problem


Using a print server like this, you should not need to "browse" to find the printers. See what ip address has been assigned to the printer. Once you have the ip address, open a command prompt (start -> run -> cmd) and type:
ping <insert ip address>
ex: ping 192.168.0.24

See if you can ping the printer from each of your computers. If you can, great, install the new printer by adding a "local" printer at a new TCP/IP port with the IP address of your printer. If not, then you may have some routing issues.

Are all of the printers connected to the same switch? Do you have multiple "routers" on your network acting as DHCP servers?

Hope this helps.

May 27, 2009 | D-Link DP 300 (DP-300) Print Server

Not finding what you are looking for?

332 people viewed this tip

Ask a Question

Usually answered in minutes!

Top Computers & Internet Experts

Doctor PC
Doctor PC

Level 3 Expert

7733 Answers

kakima

Level 3 Expert

102366 Answers

David Payne
David Payne

Level 3 Expert

14161 Answers

Are you a Computer and Internet Expert? Answer questions, earn points and help others

Answer questions

Loading...