What should we do to block port 139 from allowing connections?

What should I do to block port 139?

Comodo firewall freeware on WinXP constantly reports Active Connections on
port 139: Protocol: TCP, Listening: 139, Bytes In: 0B, Bytes Out 0B

Googling for "Comodo Listening:139", I find the warnings disturbing:
http://www.iss.net/security_center/a...39/default.htm

The web sites say "Port 139 NetBIOS NetBIOS Session (TCP), Windows File
and Printer Sharing is the single most dangerous port on the Internet. All
"File and Printer Sharing" on a Windows machine runs over this port. About
10% of all users on the Internet leave their hard disks exposed on this
port. This is the first port hackers want to connect to, and the port that
firewalls block"

Similar dire warnings are at http://www.linklogger.com/TCP139.htm & others.

What should I do to block this port 139 (I have no need for file sharing or
printer sharing among computers).

Please advise,
thanks in advance

On Thu, 8 Jan 2009 22:48:30 -0800, J. Bouziane wrote:

<snip, snip>

> Comodo firewall freeware on WinXP

Consider removing this PFW.
http://forums.comodo.com/frequently_...o-t9508.0.html
http://forums.comodo.com/help_for_v2...html;topicseen
https://support.comodo.com/index.php...kbarticleid=10

Read through:
Deconstructing Common Security Myths.
http://technet.microsoft.com/en-us/m.../cc160979.aspx
Scroll down to:
"Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."

Exploring the windows Firewall.
http://www.microsoft.com/technet/tec...l/default.aspx
"Outbound protection is security theater¡Xit¡¦s a gimmick that only gives the
impression of improving your security without doing anything that actually
does improve your security."

For the average homeuser, the Windows Firewall in XP does a fantastic job
at its core mission and is really all you need if you have an 'real-time'
anti-virus program, [another firewall on your router or] other edge
protection like SeconfigXP and practise Safe-Hex.
The windows firewall deals with inbound protection and therefore does not
give you a false sense of security. Best of all, it doesn't implement lots
of nonsense like pretending that outbound traffic needs to be monitored.

Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs
and Services under the Exception tab.

Windows XP: How to turn on your firewall.
http://www.microsoft.com/protect/com...rewall/xp.mspx

Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/u...2_wfintro.mspx

Using Windows Firewall.
http://www.microsoft.com/windowsxp/u...nfirewall.mspx

> What should I do to block port 139?

Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownloa...oad-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139
and 445 (the most exploited Windows networking weak point) closed.
OR
Configuring NT-services much more secure.
http://www.ntsvcfg.de/ntsvcfg_eng.html

Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck

On Sat, 10 Jan 2009 10:09:06 +0000, LR wrote:

> On 09/01/2009 08:26, Kayman wrote:
>
>> Exploring the windows Firewall.
>> http://www.microsoft.com/technet/tec...l/default.aspx
>> "Outbound protection is security theater¡Xit¡¦s a gimmick that only gives the
>> impression of improving your security without doing anything that actually
>> does improve your security."
>>
> That is an interesting statement considering the Vista Firewall has
> outbound protection. Why have they implemented it if it is worthless?

Different operating system!
Managing the Windows Vista Firewall
http://technet.microsoft.com/en-us/m.../cc510323.aspx
(read in its entierty, twice, then re-read again )

On Fri, 09 Jan 2009 13:22:19 -0800, John Navas wrote:

> On Fri, 9 Jan 2009 15:26:53 +0700, Kayman
> <kayhkay-nospam-@operamail.com> wrote in
> <qz020sa59kl1$.x679cyn78oa6$.(E-Mail Removed)>:
>
>>> Comodo firewall freeware on WinXP
>>
>>Consider removing this PFW.
>
> Bad advice IMHO -- COMODO Firewall is excellent, much better than the
> Windows XP Firewall.

I am glad you said "IMHO"! Anyway, which 3rd party software manufacturer
are you representing?

>>Read through:
>>Deconstructing Common Security Myths.
>>http://technet.microsoft.com/en-us/m.../cc160979.aspx
>>Scroll down to:
>>"Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."
>
> Take what Microsoft says about security with a grain of salt --

Oh really! Ever considered communicating with the authors? And have you
ever checked on their credentials?
BTW; what are yours?

> Microsoft has a terrible security record,

Their os's were less secure prior NT WinXP. Be more specific, after all
we're talking about a pc and not a mac.

> and much of what's in that article is self-serving spin.

How so? The application we're talking about comes with the purchase of the
operating system; It's an integral part of the os.

> Most security experts consider outbound filtering, done right, to be an
> important protection.

Oh, really? You mean the so-called 'security experts' writing website ads
for 3rd party firewall applications?

> No matter how careful you are, infections are still quite possible,
> and outbound filtering can help minimize damage from such infections.

A silly statement. Where did you get that idea from?
(ZA or Sunbelt websites?)

> The advice in this article is a bit like saying, you won't ever need an
> antibiotic if you take care not to get infected.

A pitiful analogy. Comparing a virtual world with the real world is nothing
but phantasmagorical.

>>For the average homeuser, the Windows Firewall in XP does a fantastic job
>>at its core mission and is really all you need if you have an 'real-time'
>>anti-virus program,
>
> Firewall Challenge, Results and comments
> <http://www.matousec.com/projects/firewall-challenge/results.php>
>
> Comodo Internet Security is rated 90%, Level 10+, Very good
>
> Windows Live OneCare is rated 5%, Level 1, Not recommended
> One of the worst products tested, listed in red
> [Windows Firewall (XP) is not even considered worth testing.]
>
> "So, what does it mean if the product fails even the most basic tests
> of our challenge? It means that it is unable to do what its vendor
> claims it can. Such a product can hardly protect you against the
> mentioned threats."

Well, you're obviously not paying close attention especially to details!
Microsoft not ever claimed that their firewall included outbound traffic
control. And yet matousec are (repeatedly) testing it for something what is
not and was never there in the first place!
Based on this fact alone, one could assume that matousec are colluding with
the makers of 3rd party firewalls (PFW).

On 9 Jan, 07:48, "J. Bouziane" <jbouzi...@sbcglobal.net> wrote:
>
> What should I do to block this port 139 (I have no need for file sharing or
> printer sharing among computers).

Open your interfaces and unmark "File and Printer sharing..."

This will make sure nobody connect to this port when serviced by OS,
but by doing this you have shown no trust in MS, and maybe what you
really need is a better OS. You may also have no trust in yourself
while open files and printers for sharing, no trust you understand
what you're doing, how it should be done.

BTW, I have a hard time believing that port 139 is a common security
leak after XP. If this is true, it must be common for ppl to share
other folders than "shared folders". Is this really true?

On Sat, 10 Jan 2009 13:49:25 +0000, LR wrote:

> On 10/01/2009 11:48, Kayman wrote:
>> On Sat, 10 Jan 2009 10:09:06 +0000, LR wrote:
>>
>>> On 09/01/2009 08:26, Kayman wrote:
>>>
>>>> Exploring the windows Firewall.
>>>> http://www.microsoft.com/technet/tec...l/default.aspx
>>>> "Outbound protection is security theater¡Xit¡¦s a gimmick that only gives the
>>>> impression of improving your security without doing anything that actually
>>>> does improve your security."
>>>>
>>> That is an interesting statement considering the Vista Firewall has
>>> outbound protection. Why have they implemented it if it is worthless?
>>
>> Different operating system!
>> Managing the Windows Vista Firewall
>> http://technet.microsoft.com/en-us/m.../cc510323.aspx
>> (read in its entierty, twice, then re-read again )
> That link is producing exactly the same page as the one I provided so I
> have read it.

Mea culpa! I just responded to your post without clicking on the link you
had provided.

> Why is the author so insistent that "outbound blocking" was used just to
> prevent compromising other systems?

No, not the author but the makers of 3rd party software firewalls are.
You've got to read the entire article more carefully:
"There is a very simple fact about outbound filtering that its proponents
fail to take into account. The usual argument from the host-based firewall
*vendors* is that if a system is compromised, whether by a worm or by an
interactive malicious user, outbound filtering will stop the worm from
infecting other systems or will stop the attacker from communicating out.

Jesper said: *"This is not true."*

What is true is that, all else being equal, outbound filtering would have
stopped some historical malware. However, if Windows XP had come with
outbound filtering, the worms we have seen so far would more than likely
have been written to turn it off or else to circumvent it."

Jesper can be contacted...why don't you give it a go?
http://msinfluentials.com/blogs/jesper/
He's a busy man but will usually respond to reasonable postings. Besides,
he sometimes hangs out at microsoft.public.windows.vista.security

On Sat, 10 Jan 2009 11:45:44 -0800, John Navas wrote:

> On Sat, 10 Jan 2009 19:51:12 +0700, Kayman
> <kayhkay-nospam-@operamail.com> wrote in
> <(E-Mail Removed)>:
>
>>On Fri, 09 Jan 2009 13:22:19 -0800, John Navas wrote:
>>
>>> On Fri, 9 Jan 2009 15:26:53 +0700, Kayman
>>> <kayhkay-nospam-@operamail.com> wrote in
>>> <qz020sa59kl1$.x679cyn78oa6$.(E-Mail Removed)>:
>>>
>>>>> Comodo firewall freeware on WinXP
>>>>
>>>>Consider removing this PFW.
>>>
>>> Bad advice IMHO -- COMODO Firewall is excellent, much better than the
>>> Windows XP Firewall.
>>
>>I am glad you said "IMHO"! Anyway, which 3rd party software manufacturer
>>are you representing?
>
> None.
>
> Are you rude by nature, or do you have to work at it?

It seem your perception of things require fine tuning.

>>> Firewall Challenge, Results and comments
>>> <http://www.matousec.com/projects/firewall-challenge/results.php>
>>>
>>> Comodo Internet Security is rated 90%, Level 10+, Very good
>>>
>>> Windows Live OneCare is rated 5%, Level 1, Not recommended
>>> One of the worst products tested, listed in red
>>> [Windows Firewall (XP) is not even considered worth testing.]
>>>
>>> "So, what does it mean if the product fails even the most basic tests
>>> of our challenge? It means that it is unable to do what its vendor
>>> claims it can. Such a product can hardly protect you against the
>>> mentioned threats."
>>
>>Well, you're obviously not paying close attention especially to details!
>>Microsoft not ever claimed that their firewall included outbound traffic
>>control. And yet matousec are (repeatedly) testing it for something what is
>>not and was never there in the first place!
>>Based on this fact alone, one could assume that matousec are colluding with
>>the makers of 3rd party firewalls (PFW).
>
> We should take your word instead? Hmmm... don't think so.

Wasn't it you who brought up f/w testing conducted by masousec?
And who is "we"? Which organization do you represent? (Oh, another rude
remark).
*You* may not comprehend the context of what is being said but many others
will.
Have a wonderful day
EOD

On 11 Jan, 04:44, "Bill Kearney" <wkearne...@hotmail.com> wrote:
> >> No again, what of drive shares? *\\some.ip.add.ress\c$ and the like.
>
> > My point exactly in re FUD. Admin shares aren't accessible unless you have
> > a password.
>
> Which assumes there's a password set, or that it's not simply "password".
> When you ass-u-me...

Then you're open for attacks in much greater scale than a simple non
intended share. Don't reduse this debate down to protecting dumb fucks
from dumb fucks. Ppl who run their adm account without password we can
only help by turning off their machines or hitting them in the head
with an axe.

All this crap about open ports and what security risk they represent
comes from a time when OS was so unreliable that it was possible
destroy an OS installation by sending "bad" packets to a port. Even if
it's still possible to destroy OS installation by sending something to
a port, this isn't an reasonable argument to tell ppl to shut dumb
certain ports. It's rather a valid argument to tell the morons who
made the service that handle the port to stop sucking dicks and start
to make robust software. Nothing else is reasonable, but to assume
that the OS is secure. By assuming it's not, the only reasonable
conclusion would be to stop using it, if one want to be protected from
hackers.

Chrisjoy <(E-Mail Removed)> wrote in
news:d60ecee0-bb99-4239-a60c-(E-Mail Removed):

> On 9 Jan, 07:48, "J. Bouziane" <jbouzi...@sbcglobal.net> wrote:
>>
>> What should I do to block this port 139 (I have no need for file
>> sharing or printer sharing among computers).
>
> Open your interfaces and unmark "File and Printer sharing..."
>
> This will make sure nobody connect to this port when serviced by OS,
> but by doing this you have shown no trust in MS, and maybe what you
> really need is a better OS. You may also have no trust in yourself
> while open files and printers for sharing, no trust you understand
> what you're doing, how it should be done.
>
> BTW, I have a hard time believing that port 139 is a common security
> leak after XP. If this is true, it must be common for ppl to share
> other folders than "shared folders". Is this really true?

Yes. I'd venture a guess that the majority of home network shares are full
drive shares, and not just whatever the Windows default 'Shared Documents'
actually shares.

On 12 Jan, 03:15, "Bill Kearney" <wkearne...@hotmail.com> wrote:
> Spare us the "arrogant ass" routine.

I only spare ppl of such when they do not combine cluelessness and
arrogancy.