NetBIOS-ssn (port 139)

Tags: Firewalls, Forensics, Incident response, Intrusion management, Network security, VPN, Wireless
I got attacked thru NetBIOS-ssn port 139 according to Norton Worm Protection. The intrusion is MS ASN1 Integer Overflow TCP. The intruder's IP always alternates thru the last two sets: 72.235.134.133(4223). Protocol is TCP. I have no idea how to block the intrusion or trace the intruder, so can anyone please help me out? I felt paranoid. Thx guys

Answer Wiki


Without any description of your connection, I assume that you’re a home user with either a DSL or Cable modem connection to the Internet. You could possibly have a wireless connection as well.

In order to protect yourself in that type of environment, you’re going to need a firewall. You could choose a setup containing any of the following components, either in combination or by themselves:
1) Purchase a cable router that contains a firewall/IDS
2) Install a software firewall on your computers
3) Use WEP/WPA encryption on your wireless and change the unsecure default passwords and settings.
4) Possibly use a VPN on your wireless clients, firewall the wireless router

I like the SMC Barricade Cable Router as it has a firewall, IDS, DMZ, DHCP server, and a lot of other features. There are others like Linksys, D-Link, and Netgear that are all about the same price range $40-$80.

Use a personal firewall like ZoneAlarm on your PCs. Enable Windows Firewall. Don’t allow anyone to connect to your PC that you don’t want there.

Read the documentation on your wireless router and don’t run any wizards on it. Go into the router yourself and choose the most secure options. I’m almost willing to say: “Don’t do anything that the documentation says…” but that’s because I read what my Linksys docs said and shivered at how insecure it would be if I did that (no encryption or changing of any defaults).

For setting up a VPN, you’ll need either a router capable of it or to set up a PC with VPN software. I’m sure there’s free Windows VPN software out there, but it’s like putting a lock on a cellophane bag. You’d probably do better finding something prepackaged because it’s the most difficult of these to set up.

Oh… NEVER let anyone see tcp port 139 or it’s “game over.”

Good Luck. You should reload your PC now, but get a firewall in place first or you’ll be owned again.

SF

Discuss This Question: 4  Replies

 
  • EEEEE5
    Yeah, my friend told me to put up my router's firewall, which I disabled for some DL... now I set it to high and edited it, which does work; this cracker doesn't disturb me anymore unless I set it to low... I'm glad, but my DL routine is now disrupted... I can't DL anymore... I tried to re-edit some more so I could open up a port, but the commands are the troublesome part for me now... guess I have to figure it out. Thanks guys, especially SF
  • Sonyfreek
    I'm not familiar with the DLink Routers, but the SMC allows me to define ports that I want to allow out. You don't need to allow anything into your firewall from the outside except for connections that have been established from the inside network. Downloads in web browsers take place over TCP ports 80 (HTTP) or 21 (FTP). If you're doing something like p2p downloads, it depends on the program you are using. Check for any advanced features on the firewall that let you fine tune the firewall rules. SF
  • EEEEE5
    This router is actually from Verizon Westell Versalink; its drop and pass rules aren't working as I edit them, and I do not know why.
  • Sonyfreek
    Have you searched the Internet? Sorry, I have never configured one. We always get rid of the Westells and use a Cisco for DSL. SF
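
The rule described in the replies above (nothing is allowed in from outside unless it belongs to a connection started from inside, and TCP port 139 is never exposed), as an added Python example that is not part of the original thread. The addresses, the port 50000 forward and the names `Packet`, `StatefulFilter` and `run_demo` are assumptions made for illustration; NAT is ignored.

```python
from dataclasses import dataclass

NEVER_FORWARD = {139}  # NetBIOS session service: must not be reachable from outside

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = LAN to Internet, "in" = Internet to LAN
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    """Default-deny inbound TCP filter that tracks flows opened from the inside."""

    def __init__(self, forwards=()):
        bad = NEVER_FORWARD & set(forwards)
        if bad:
            raise ValueError(f"refusing to forward ports {sorted(bad)}")
        self.forwards = set(forwards)  # inbound ports opened on purpose
        self.flows = set()             # (lan_ip, lan_port, remote_ip, remote_port)

    def decide(self, p):
        if p.direction == "out":
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "PASS"
        # Inbound: pass only replies to a tracked flow or an explicit forward.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "PASS"
        return "PASS" if p.dport in self.forwards else "DROP"

def run_demo():
    # Constructed traffic using documentation address ranges.
    lan, web, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    fw = StatefulFilter(forwards=[50000])  # 50000: hypothetical download client port
    packets = [
        Packet("out", lan, 50311, web, 80),        # browser starts a download
        Packet("in", web, 80, lan, 50311),         # server's reply on that flow
        Packet("in", stranger, 4223, lan, 139),    # unsolicited NetBIOS-ssn connection
        Packet("in", web, 80, lan, 139),           # known host, but not a tracked flow
        Packet("in", stranger, 4223, lan, 50000),  # matches the explicit forward
    ]
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    print(run_demo())
```

The browser download passes in both directions without any inbound rule, while both connections to port 139 are dropped; only the deliberately forwarded port accepts unsolicited traffic.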