Great Circle Associates Firewalls
(July 1996)
 


Subject: Re: Ports 137 & 138
From: anonymous-remailer @ shell . portal . com
Date: Wed, 17 Jul 1996 06:42:21 -0700
To: firewalls @ greatcircle . com
Comments: This message is NOT from the person listed in the From

At 01:22 PM 7/15/96 -0700, you wrote:
>I too am curious about port 137.
>
>My site has no inbound services, only outbound.
>
>Do some NT websites use port 137 to resolve names?  My proxy
>logs indicate that some hits on port 137 are in groups
>of 3, some from websites.  My perusal of denied 137 hits:
[snip]

NT attempts to use nb name services (udp port 137, unicast) to find out the
NetBIOS name of a machine before it attempts reverse DNS in my experience.
Those sites are prob. open for attack via NBT (NetBIOS over TCP/IP),
although you have to know the NetBIOS name of the machine before it will
respond to an NBT SMB query on tcp port 139.

Use of port 137 by NT:

Unicast UDP: what's your name?
Broadcast UDP: here's my name.
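
When reviewing denied hits on port 137, the two uses listed above can be told apart from the name-service header and question type. The following is an added example, not part of the original post: it classifies a UDP/137 payload using the RFC 1002 packet layout. Assumptions: "what's your name?" is taken to be a node status (NBSTAT) request and "here's my name" a broadcast name registration; the sample packets and the name WEBSRV01 are constructed.

```python
import struct

OPCODES = {0: "query", 5: "registration", 6: "release", 7: "wack", 8: "refresh"}
QTYPES = {0x0020: "NB", 0x0021: "NBSTAT"}

def encode_name(name: bytes, pad: bytes = b" ", suffix: int = 0) -> bytes:
    """First-level encoding: 16 bytes -> 32 letters 'A'..'P', one per nibble."""
    raw = name.ljust(15, pad)[:15] + bytes([suffix])
    return bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))

def decode_name(enc: bytes) -> str:
    """Reverse the encoding; the 16th byte (name type suffix) is dropped."""
    if len(enc) != 32 or any(not 0x41 <= c <= 0x50 for c in enc):
        raise ValueError("bad first-level encoded name")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].rstrip(b" \x00").decode("latin-1")

def classify(payload: bytes) -> dict:
    """Classify one UDP/137 payload by its header flags and first question."""
    if len(payload) < 50 or payload[12] != 0x20 or payload[45] != 0:
        raise ValueError("not an unscoped NBNS question")
    _tid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qtype = struct.unpack("!H", payload[46:48])[0]
    info = {
        "response": bool(flags & 0x8000),                   # R bit
        "opcode": OPCODES.get((flags >> 11) & 0xF, "other"),
        "broadcast": bool(flags & 0x0010),                  # B bit of NM_FLAGS
        "name": decode_name(payload[13:45]),
        "qtype": QTYPES.get(qtype, hex(qtype)),
    }
    request = not info["response"]
    if request and info["opcode"] == "query" and info["qtype"] == "NBSTAT":
        info["kind"] = "node status request"           # "what's your name?"
    elif request and info["opcode"] == "registration" and info["broadcast"]:
        info["kind"] = "broadcast name registration"   # "here's my name"
    else:
        info["kind"] = "other"
    return info

def sample(flags: int, enc: bytes, qtype: int) -> bytes:
    """Constructed header + question only; a real registration also carries an RR."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    return header + b"\x20" + enc + b"\x00" + struct.pack("!HH", qtype, 1)

# Constructed samples: wildcard status request, and a registration (opcode 5, RD, B).
STATUS_REQ = sample(0x0000, encode_name(b"*", pad=b"\x00"), 0x0021)
REGISTRATION = sample(0x2910, encode_name(b"WEBSRV01"), 0x0020)
```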


