Port 137 – NetBIOS Name Service (NBNS)

Service: netbios-ns

Protocol: UDP

Port: 137

Used for: Name resolution and registration in older Windows networks

Why It’s Open

Used in older Windows and SMB environments before DNS became dominant. Helps systems discover each other on LANs.

Common Risks

  • Information Leakage: Can reveal NetBIOS names and internal hostnames.
  • Name Spoofing: Used in NBNS spoofing attacks for man-in-the-middle.
  • Responder Attacks: Tools like Responder answer NBNS queries on port 137 to poison name resolution.


Enumeration & Testing

Nmap check

nmap -sU -p 137 --script nbstat.nse <target>
nbtscan <target>

What to Look For

Checkpoint | What it means
NetBIOS enabled | Likely older or unpatched systems
Broadcast traffic | May allow spoofing or poisoning

Known Exploits

  1. CVE-1999-0519: NetBIOS Name Service allows remote attackers to obtain sensitive information.

Mitigation

  • Disable NetBIOS over TCP/IP where possible.
  • Use DNS and modern name services.
  • Monitor internal broadcasts.
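
One way to act on "Monitor internal broadcasts", shown as an added example that is not part of the original page: parse UDP/137 payloads captured from the LAN and flag any source that sends positive name query responses for several different names, since a normal host answers only for its own. The function names, the threshold of 3, the answer-only response layout (QDCOUNT=0) and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

def encode_name(name, suffix=0x00):
    """RFC 1001 first-level encoding: 15 padded chars + suffix, one letter per nibble."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    return b"\x20" + bytes(0x41 + n for c in raw for n in (c >> 4, c & 0x0F)) + b"\x00"

def decode_name(field):
    """Inverse of encode_name for the 34-byte name field; returns (name, suffix)."""
    if len(field) != 34 or field[0] != 0x20 or field[33] or not all(0x41 <= b <= 0x50 for b in field[1:33]):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes((field[i] - 0x41) << 4 | (field[i + 1] - 0x41) for i in range(1, 33, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def parse_response(payload):
    """Return (name, answer_ip) for a positive name query response, else None."""
    if len(payload) < 62:
        return None
    _tid, flags, qd, an, _ns, _ar = struct.unpack("!6H", payload[:12])
    # Need response bit, opcode 0, rcode 0, and the answer-only layout (QDCOUNT=0).
    if not flags & 0x8000 or flags & 0x780F or qd != 0 or an < 1:
        return None
    try:
        name, _suffix = decode_name(payload[12:46])
    except ValueError:
        return None
    rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", payload[46:56])
    if rtype != 0x0020 or rdlen < 6:  # NB record carries 2 flag bytes + IPv4 address
        return None
    return name, ".".join(map(str, payload[58:62]))

def find_suspects(packets, threshold=3):
    """Sources that answered for >= threshold distinct names (assumed heuristic)."""
    answered = defaultdict(set)
    for src, payload in packets:
        parsed = parse_response(payload)
        if parsed:
            answered[src].add(parsed[0])
    return {s: sorted(n) for s, n in answered.items() if len(n) >= threshold}

def sample_response(name, ip):
    """Constructed positive name query response, used only as offline sample input."""
    rr = struct.pack("!HHIH", 0x0020, 1, 165, 6) + b"\x00\x00" + bytes(map(int, ip.split(".")))
    return struct.pack("!6H", 0x1234, 0x8500, 0, 1, 0, 0) + encode_name(name) + rr

# Constructed capture of (source IP, UDP/137 payload); all values are placeholders.
SAMPLE = [("10.0.0.5", sample_response("FILESRV", "10.0.0.5"))] + [
    ("10.0.0.66", sample_response(n, "10.0.0.66")) for n in ("WPAD", "FILESRVV", "PRNTSRV")]
print(find_suspects(SAMPLE))
```

Tune the threshold per network: a WINS server or a multi-homed host can legitimately answer for more than one name and should be allow-listed rather than alerted on.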

Real-World Example

NetBIOS spoofing is often used in internal pentests to capture hashes or redirect traffic by poisoning name resolution.

TL;DR

  • Port 137 = NetBIOS Name Service
  • Legacy tech, disable where not needed
  • Vulnerable to spoofing and leakage
  • Risks: Information disclosure, spoofing
  • Mitigation: Disable NetBIOS over TCP/IP if not required, restrict access