What Windows process initiate connection to other Port 139?


I am not sure whether my machine got hacked.  It keeps trying to make
TCP connection to port 139 on the other machine[s].  However, I found
no process based on its initiating port.  It seems to me it was
spawned by another running process, but I am running out of ideas to
track that down.

One thing I don't really understand is how my machine knows
these IP addresses for connection; therefore, I suspect it has been

Not sure whether it is related.  There are a lot of machines trying to
make connections to my machine at ports 135 and 445.  Most initiating
IPs are near.  If this is normal, how do they know my IP? I just hope
my machine didn't broadcast its address for invitations! :(

I am using Windows 2000 Server with limited ports open to the net.  I
captured these IP logs from my hardware router.


Re: What Windows process initiate connection to other Port 139?

Try a web-search about SMB and Windows "File Sharing"/Network
Neighborhood, and netbios. It's a big topic.

Broadcasts. They look for who is the domain master, have "elections",
create Browse-lists. My ISP's network is buzzing with activity from
Windows machines. I too wondered why all these machines seemed to probe
mine on certain ports, namely 137-138/udp, and 139,445/tcp. If you
have a sniffer, watch the traffic sometime and see what they send.
Have a look at http://www.samba.org/ They're better at explaining
stuff and you can see source code, unlike whatever MS has on it (if
you can find what you're looking for on their site...)

They're probably all on your ISP's subnet, right? Visible, browsable
machines should make up the Windows Network Neighborhood (don't quote
me on this, I never checked it from a Windows machine myself). On
Linux, I can see a shares listing with something like this-

smbclient -U guest -N -L <the netbios machine's name>

Be careful what you're serving up ;)  A few people have their C:\
shared with the rest of the subnet here. I'm not sure how secure MS
Windows 2000 server is, but there have been issues in the past regarding
this area; like anything else, keep patched, keep current, and do your

--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
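
One way to sort router log entries like the ones discussed in this thread by the Windows service behind each port and by whether the peer sits on the local subnet. This is an added example, not part of the original posts; the log format, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Windows networking services on the ports named in the thread.
SERVICES = {
    ("tcp", 135): "RPC endpoint mapper",
    ("udp", 137): "NetBIOS name service",
    ("udp", 138): "NetBIOS datagram (browser elections)",
    ("tcp", 139): "NetBIOS session (SMB)",
    ("tcp", 445): "SMB over TCP",
}

# Constructed sample lines in an assumed router log format:
# "<proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
tcp 198.51.100.23:1045 -> 198.51.100.77:139
tcp 198.51.100.23:1046 -> 198.51.100.91:139
tcp 198.51.100.40:3312 -> 198.51.100.23:445
tcp 198.51.100.52:2201 -> 198.51.100.23:135
tcp 203.0.113.9:4410 -> 198.51.100.23:445
udp 198.51.100.77:138 -> 198.51.100.255:138
udp 198.51.100.23:137 -> 198.51.100.255:137
tcp 198.51.100.23:1050 -> 203.0.113.80:80
"""

def split_endpoint(text):
    host, port = text.rsplit(":", 1)
    return ipaddress.ip_address(host), int(port)

def triage(log_text, my_ip, subnet):
    me = ipaddress.ip_address(my_ip)
    net = ipaddress.ip_network(subnet)
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue  # not in the assumed format
        try:
            (src, _), (dst, dport) = map(split_endpoint, (parts[1], parts[3]))
        except ValueError:
            continue  # malformed address or port
        service = SERVICES.get((parts[0].lower(), dport))
        outbound = src == me
        if service is None or not (outbound or dst in (me, net.broadcast_address)):
            continue  # other traffic, or not addressed to or from this host
        peer = dst if outbound else src
        scope = "same subnet" if peer in net else "outside subnet"
        counts["outbound" if outbound else "inbound", service, scope] += 1
    return counts
```

Calling `triage(SAMPLE_LOG, "198.51.100.23", "198.51.100.0/24")` returns a counter keyed by (direction, service, scope), which separates subnet-local browser and name-service chatter from SMB attempts arriving from outside the subnet.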
