I recently discovered I have an open port: 139. I did some research and found out it is a Netbios-ssn port used for sharing files. I have scanned for relevant Trojans and found none. The port is currently 'listening.' Could this open port pose a threat to my data? And how do I close the port?
If you are on a Windows-based network that is running NetBIOS, it is perfectly normal to have port 139 open in order to facilitate that protocol. If you are not on a network using NetBIOS, there is no reason to have that port open. Most networks that use NetBIOS and connect to the Internet also have a firewall that blocks incoming traffic on port 139. That way you are sure that all NetBIOS traffic originates from within your own network.
Having any open ports exposes you to potential attacks that might exploit known or yet-unknown vulnerabilities. On the other hand, depending on what your system is used for, you likely have to have some open ports in order to be useful. For example, a Web server doesn't work very well with ports 80 and 443 blocked (unless you've mapped the HTTP services to other ports). E-mail servers need ports 25 and 110 for SMTP and POP, respectively.
If the system you are referring to is simply a PC as opposed to a server, you can probably get by using a host-based firewall, such as ZoneAlarm, to block all connections that don't originate from the PC. If you have a PC connected to the Internet via DSL or cable modem, you should purchase a hardware-based router/firewall such as those made by Linksys or Netgear. They can not only block all incoming requests (not originating with the PC), but can also provide Network Address Translation, so that other computers on the Internet cannot even "see" your PC.
If your system is a server and you need to close ports, those directions would be specific to the kind of system you are using.
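One way to check which listening ports on a Windows machine are reachable from the network and not needed for its role, as an added example that is not part of the original answer. It parses `netstat -an` output; the sample output, the addresses in it and the `required_ports` set are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from the original page).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
"""


def listening_sockets(netstat_text):
    """Yield (address, port) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly four columns; headers and blank lines do not.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        yield ipaddress.ip_address(host.strip("[]")), int(port)


def audit(netstat_text, required_ports):
    """Return sorted (port, scope) pairs for listeners that other hosts can
    reach and that the machine's role does not require."""
    findings = set()
    for addr, port in listening_sockets(netstat_text):
        # Loopback listeners are not reachable from other machines.
        if addr.is_loopback or port in required_ports:
            continue
        scope = "all interfaces" if addr.is_unspecified else str(addr)
        findings.add((port, scope))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed role: a Web server that only needs ports 80 and 443.
    for port, scope in audit(SAMPLE_NETSTAT, required_ports={80, 443}):
        print(f"port {port} listening on {scope}: close it or block it at the firewall")
```

To audit a real machine, pass the text of `netstat -an` in place of `SAMPLE_NETSTAT` and set `required_ports` to the ports the system's role actually needs.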