From: Gary Britt 




  



Those would be common places to seek to exploit.

Gary

Geo wrote:

  
  
  
  
  the worm
I mentioned uses 139 to
spread via NT and 445 to spread via W2K.
   
  Geo.
  

    "Gary Britt" <glbNOSPAM">mailto:glbNOSPAM{at}gencogDOTcom.com">glbNOSPAM
{at}gencogDOTcom.com>
wrote in message news:455491ca{at}w3.nls.net...
    
Thanks,
    
In checking open ports on my machine, net bios uses 137, 138, &
139.  Port 445 is open for both UDP and TCP.
    
Gary
    
    
John Beckett wrote:
    

      Gary Britt <glbNOSPAM{at}gencogDOTcom.com>mailto:glbNOSPAM{at}gencogDOTcom.com"><glbNOSPAM{at}gencogDOTcom.com>
> wrote in message
news:<455340ef$1{at}w3.nls.net>:">mailto:455340ef$1{at}w3.nls.net"><455340ef$1{at}w3.nls.net>:
  
      
        OK, thanks for the info.  I have a mix
of winXP, win2K,
and sometimes
win98 machine, so I usually keep net bios turned on.  If I understood you
correctly you are saying that if I use static IP addresses for the machines
in the peer network and make entries in each machine's hosts file then I
wouldn't need net bios?
    
      
      
For XP and W2000, I'm pretty sure yes (i.e. using static IPs and having a
valid hosts file on each computer, and disabling NBT would be ok for file
sharing etc).

For W98, I believe you would need NBT enabled ... but not sure.

  
      
        If a machine is named
"glb_mx7340" for example would the
host entry look
like this:  "192.168.0.102   glb_mx7340"   ??
    
      
      
Yes.

  
      
        And if I do this than to setup network
shares and printer
shares I would
just need port 445 open on each machine?  Both TCP and UDP or  just one or the other?
    
      
      
I'm not sure about printer sharing. I imagine it uses the same network
protocols and ports as file sharing.

File shares would use 445/tcp ... hmmn, I was about to say "and not
445/udp" but a quick check with 'netstat -an' on this XP computer
shows that 445/tcp AND 445/udp are active. Google shows conflicting views,
but for example, the following says TCP and UDP:
http://support.microsoft.com/kb/" target="new">http://support.microsoft.com/kb/">http://support.microsoft.com/kb/204279">http://support.microsoft.com/kb/
204279

More confusion: On this XP box, NBT is disabled and only Windows Firewall
(WF) is used. Deep in the properties of WF it says that

File and Printer Sharing service has following open:
  tcp 139 subnet
  tcp 445 subnet
  udp 137 subnet
  udp 138 subnet

where "subnet" means that the source IP has to be on my
computer's subnet. I'm pretty sure I haven't edited the above properties,
so I don't know why it doesn't include udp 445 (maybe has never been
used??), not why it includes the 139 etc stuff (maybe NBT was enabled when
I first did file sharing??).

John

  
    
    
  





--- BBBS/NT v4.01 Flag-5