
Windows File Server exposed to the internet

LewisCurbishley

Junior Member
Hi all,

We have a server that's currently responding to NETBIOS pings even though ports 137-139 and port 53 are blocked externally.

Can anyone help please?
 
Are you port scanning this machine from outside your LAN, or is this a scan from inside your network?

If it's inside then there isn't much cause for alarm. What version of Windows is this server?
 
Hi,

I am running an nbtstat command from an external network.

Items;-

Server 2012 R2
DrayTek Vigor Firewall Router

For security purposes I cannot give out the IP address, but am getting the following return.

C:\Users\lewis.curbishley>nbtstat -a ***.***.***.***

Local Area Connection:
Node IpAddress: [***.***.***.***] Scope Id: []

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
CAL-SVR01 <00> UNIQUE Registered
CALCHAN <00> GROUP Registered
CALCHAN <1C> GROUP Registered
CAL-SVR01 <20> UNIQUE Registered
CALCHAN <1B> UNIQUE Registered

MAC Address = 9C-8E-99-64-B7-BC
 
Hi,

Yes it does.

And no, on the router I have configured it to block any inbound connections on port 137-139 and port 53 as these are all the ports used for NETBIOS & DNS.
 
Try 135 as well. With 137-139 blocked, people *probably* can't log in to Windows file sharing services, but I think with 135 available they can query the machine for services.

I'm a bit confused though; why don't you have *everything* blocked on this server (i.e. default firewall config) and then open only what is required? Otherwise, you might also want to take a look at port 445 as that's the port used by >=Win2k machines for file sharing normally (135,137-139 was the older service that is still left open for compatibility).
 
^

Yeah it sounds like an odd setup. How are you accessing this machine from the Internet? Is the firewall actually port forwarding specific ports directly to this server's internal IP? Or is 1:1 NAT set up and that server has its own dedicated external-facing IP?

I think you need to step back and determine why this server is external facing at all. If you have external users on the Internet that need file sharing done by this server, you need to use a VPN to access your internal resources.
 
Hi Guys,

Managed to get it fixed thanks.

And I didn't initially set this up in the 1st place. I see where you're coming from. It was a bit ridiculous not to just have everything blocked and only open needed stuff.

Only problem I had is the users needed a quick resolution and the option of making huge firewall changes just wasn't going to be a feasible option during work hours and unplanned.

I made the necessary changes and blocked ports 137-139, 135, 53 and 445 for any external inbound connections and this fixed my issue immediately.

Cheers for all your help guys.
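
An added example, not part of the thread: a Python check to run from an outside network against your own server's public address after a firewall change like the one described above. It tests the TCP ports named in the thread and sends the NetBIOS node status query that `nbtstat -a` uses (UDP 137), parsing any name table returned; the transaction ID and the sample reply are constructed.

```python
import socket, struct, sys

# NetBIOS node status (NBSTAT) query for the wildcard name "*", per RFC 1002.
NBSTAT_QUERY = (struct.pack(">HHHHHH", 0x1337, 0, 1, 0, 0, 0)
                + b"\x20CK" + b"A" * 30 + b"\x00" + struct.pack(">HH", 0x21, 1))

def parse_nbstat(resp):
    """Return ([(name, suffix, kind)], mac) from a node status response."""
    off = 12                           # skip the 12-byte header
    while resp[off]:                   # skip the owner-name labels
        off += 1 + resp[off]
    off += 1 + 10                      # null label, then type/class/TTL/rdlength
    count, off = resp[off], off + 1
    names = []
    for _ in range(count):             # 18 bytes per entry: name, suffix, flags
        name, suffix, flags = struct.unpack_from(">15sBH", resp, off)
        kind = "GROUP" if flags & 0x8000 else "UNIQUE"
        names.append((name.decode("ascii", "replace").rstrip(), suffix, kind))
        off += 18
    return names, "-".join(f"{b:02X}" for b in resp[off:off + 6])

def tcp_open(host, port, timeout=3.0):
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def udp137_answers(host, timeout=3.0):
    """Name table if the host answers NBSTAT on UDP 137, else None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(NBSTAT_QUERY, (host, 137))
            return parse_nbstat(s.recvfrom(1024)[0])
        except (OSError, IndexError, struct.error):
            return None

# Constructed sample reply (not a capture) with two rows like those in the thread.
SAMPLE = (struct.pack(">HHHHHH", 0x1337, 0x8400, 0, 1, 0, 0) + NBSTAT_QUERY[12:46]
          + struct.pack(">HHIH", 0x21, 1, 0, 43) + b"\x02"
          + b"CAL-SVR01".ljust(15) + b"\x20\x04\x00"
          + b"CALCHAN".ljust(15) + b"\x1c\x84\x00" + bytes(6))

if __name__ == "__main__":
    host = sys.argv[1]                 # public address of your own server
    for port in (53, 135, 139, 445):
        print(f"tcp/{port}:", "OPEN" if tcp_open(host, port) else "closed/filtered")
    print("udp/137 node status:", udp137_answers(host) or "no reply")
```

A reply on udp/137 while the TCP ports show closed means the router rule is not covering UDP for that port.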
 