Google
Web pcflank.com
PC Flank Logo
 Make sure
you're protected
on all sides
 Test Your System
 About PC Flank's tests
 PC Flank Leaktest NEW!
 Quick Test
 Stealth Test
 Browser Test
 Trojans Test
 Advanced Port Scanner
 Exploits Test
 Ask the experts
 Leak Tests Catalog NEW!
 FAQ
 Glossary
 Community
 Forum
 Security Center
 Software Store
 Books Store
 Articles Library
 Software Reviews
 Interviews

 

Tip of the day
Always check e-mail attachments with anti-virus software even from people familiar to you.
Articles Library

Quick reference to Windows Ports

In this article we will review some vulnerable ports used by Windows operating systems. You will find out about what services use the ports and learn how to fix vulnerabilities exposed by the ports.

For a definition of port see What are "ports" and "protocols"?

Ports 137-139(Win95,98,Me,NT,XP) and 445(Win2000)

Service: NetBios services
NETBIOS Name Service (TCP/UDP: 137)
NETBIOS Datagram Service (TCP/UDP: 138)
NETBIOS Session Service (TCP/UDP: 139)
SMB (TCP/UDP: 445)

What is NETBIOS and SMB?
NetBIOS (Network Basic Input Output System) is a set of networking services for PC networking. One general use of NetBIOS is to allow the sharing of files and printers between computers on a local network. The SMB (Server Message Block) protocol is used with NetBios for file sharing.

Vulnerability: Global file sharing and inappropriate information sharing via NetBIOS and Windows NT ports.

NetBios services allow file sharing over networks. When improperly configured, they can expose critical system files or give full file system access to any malicious intruder connected to the network. The intruder can gain access to victim's system files: run, delete, copy, upload/download. When file sharing is enabled on Windows machines they become vulnerable to both information theft and certain types of worms.

How to fix?

  • Filter NETBIOS-related TCP and UDP ports 135-139 (Win95,98,Me,NT) and 445 (TCP for Win2000) with the firewall.
  • If you need to use NetBIOS for file sharing in your local network set your firewall to allow NetBIOS to access only to certain hosts.
Port 1026 (Win NT)

Service: MSTASK (mstask.exe)

What is MSTASK?
MSTask (Microsoft Task Scheduler) is an application that provides services for task scheduling.

Vulnerability: Denial-of-Service

Windows NT/2000 is vulnerable to a denial of service attack, due to a vulnerability in the Microsoft Task Scheduler (MSTask.exe). An attacker can send random characters to port 1026, where MSTask.exe listens and as a result slow down a vulnerable machine and possibly freeze it completely.

MSTask.exe only permits connections through the local host, limiting this to a local attack. However, if any local proxy (i.e. Winproxy or Proximitron) is installed on the system, a remote attacker can connect to port 1026 via local proxy and perform this attack remotely. The system must be rebooted to regain normal functionality.

Hot to fix?
  • Simply set your firewall to block access to port 1026
  • You can also set your firewall to block mstask.exe
Port 135 (Win NT, 2000)

Service: RPC (rpcss.exe)

What is RPC?
Remote Procedure Call (RPC) is a technology that's used to support distributed applications with various components located on different machines. (RPC) is used in client/server applications based on MS Windows operating systems.

Vulnerability: RPC Endpoint Mapper Vulnerability

A vulnerability exists where a malformed request to port 135 used by RPC (RPC' component called Endpoint Mapper) could cause a denial of service (DoS). In its mechanism RPC contains a flaw that causes it to fail upon receipt of a request that contains a particular type of malformed data.

To restore normal functionality victim has to simply reboot his/her system.

Hot to fix?
  • Set you firewall to block access to port 135
  • You can also upgrade or patch your operating system to make sure it is not susceptible to this attack.
Port 3372 (Win 2000)

Service: MS DTC

What is MS DTC?
Microsoft Distributed Transaction Coordinator (MSDTC) is a new technology from Microsoft which provides transaction processing. The service is installed by default in Windows 2000. MS DTC can be used by such applications as Microsoft SQL Server and Microsoft Message Queue Server (MSMQ).

Vulnerability: Denial-of-Service (DoS)

A remote user may be able to cause MS DTC service to crash by sending 1024 bytes of random data to the MSDTC service (on TCP port 3372).

How to fix?
  • If you do not use MS DTC on your system just set you firewall to block access to port 3372
  • Sometimes MS DTS uses other ports so you will need to set your firewall to block any activity by MS DTS application
This article will be constantly updated with new vulnerable ports.

  Discuss this article on the Forum

 
 
Start Page
Make "PC Flank" your   
Start Page!   
Make

 
In the Spotlight
» One man's job

» Outpost Firewall Pro Review

   
 

 
Sponsored links


   
 
Related Links
» What is the Internet and WWW?

» How can you be attacked?
   
 

 
   
Outpost Firewall PRO 3.0 - complete protection on the Internet!

Secure Internet surfing with Oupost personal firewall with antispyware and free firewall available for download at www.agnitum.com. 		 
Privacy Policy
    Advertiser Info		 Site Map
    Contact Us

 
 
© 2006 PC Flank Ltd. All rights reserved.