TECHNOLOGY NEWS

Windows uses several ports for the implementation of their network functions. In earlier versions, Windows Me / NT ports were 137, 138 and 139 From the Windows 2000 Server lock message is sent over port 445 Of course, versions of Windows since 2000 is downward compatible, so the two procedures may operate in parallel. Port 137 It supports so-called. NetBIOS Name Service. With its help Windows assigns each - as in the DNS - the computer names and IP addresses. In certain cases this can cause the following situation - if a user surfing the Web server using Windows, the latter sends a query to port 137 user's computer. This happens because the server on Windows uses winsock function gethostbyaddr () to read the name of a remote computer. This feature is, however, as implemented in Windows, the first is that if you read over NetBIOS, and only in case of failure is used to read by the DNS. Such a motion should be generally prohibited, both entering and outgoing. If two networks are windowsowe exchange data via the Internet, a VPN generally be used. Port 138 Behind the NetBIOS datagram service. Windows to use it to distribute mainly information about the Windows network, mostly in the form of broadcast. For example, Windows computerbrowser NetBIOS uses information to produce a current list of Windows computers on the network, displayed in Network Neighborhood. The greatest danger associated with the service is a datagram service that a hacker can convince Windows using forged packets, that the computer belongs to a local network, and therefore can thus circumvent the security differences relating to the local computers and the Internet. And here also the principle that this port should be closed in both directions. Port 139 Through this service, NetBIOS Session Service is responsible exchange of data over Windows. If the port is open, a hacker can connect to the computer and try to hack file and printer sharing. Most commonly used method is to attack strength, which consists in trying as many as possible of likely passwords. Open port 139 may cause some other problems. Windows Messenger Service is listening here waiting for a message sent through net send, which is often used for spamming. In this case the user does not receive an e-mail, once a window opens with the news³ notice from a spammer. Therefore, this port should be closed in both directions. Microsoft Network - port 135 Even if port 139 is closed, it does not protect us against spam by the end of using Messenger. Net send command uses undocumented features of Microsoft RPC, which is in port 135 (epmap, endpoint mapper) listens in anticipation for the next RPC request. This service offers, inter alia, connection to the Messenger, so net send can use this route as an alternative, if the normal access through port 139 is not possible. There are already tools to send spam that use this method. Port 445 In Windows 2000, Microsoft has extended the possibility of the SMB performance of TCP / IP, without the roundabout way "NetBIOS over TCP / IP." Windows uses this to only port 445 (microsoft-ds). In an environment consisting entirely of Windows 2000, XP and. NET Server 2003, you can disable it by unchecking the NetBIOS over TCP / IP network card options. As a result, the reading of the names on the LAN will take place only by the DNS, but not through WINS or NetBIOS broadcast. Is therefore needed, or the DNS server on the LAN, which will manage the local PC (Windows 2000, even as a DHCP server and DNS), or on any computer you create a list of hosts. Port 445 for the principle that the SMB traffic is allowed only within a LAN.