LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-27-2003, 04:05 AM   #1
Gilion
Member
 
Registered: Sep 2003
Location: Netherlands
Distribution: Debian 3.0
Posts: 78

Rep: Reputation: 15
TCP packets port 135,137,138,139


In order to log any atack on my box, my firewall is logging dropped packets. This creates huge logs eating al the space on the box, so I disabled some of the logging for some frequently logged packets without knowing what they are.

I was receiving lots of packets on tcp ports 135, 137,138, 139. What are these exactly. I know 135 is used for windows media, and 137, 138, 139 are part of netbios. Should I worry about these packets? I noticed they are all from neighbouring computers.

Gilion
 
Old 10-27-2003, 09:11 AM   #2
Blindsight
Member
 
Registered: Mar 2003
Distribution: Slackware
Posts: 234

Rep: Reputation: 30
netbios

netbios is a very very noisy service. Most likely it's legitimate traffic if it's from neighboring computers attempting to view your shared files or use your printer, etc. There are nasty viruses that attempt to get in through this method as well. If you don't use samba, it's alright to just DROP packets attempting to hit those ports. 445 is another one. Logging all dropped packets really isn't nessicary unless you're trying to pinpoint a problem or attack of some sort.

Hope this helps.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
allow tcp port 139 on internal, dmz and/or external geodo Linux - Newbie 1 11-23-2004 03:04 AM
Why does Samba send malformed UDP packets to 137 and 138? The Dartman Linux - Networking 2 04-12-2004 03:28 PM
Can't firewall udp ports 137 and 138 dbaker Linux - Security 4 06-29-2003 03:41 PM
Can/should I close NetBIOS ports 137, 138, 139 ? Q*Bert Linux - Security 24 03-28-2003 04:50 AM
how to access tcp/139 port cmardhekar Linux - General 1 08-20-2001 06:03 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration